Webchess Project - Webchess CVE

Filtered by vendor Webchess Project Subscribe

Filtered by product Webchess

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-39851	1 Webchess Project	1 Webchess	2023-08-21	N/A	9.8 CRITICAL
DISPUTED webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation.
CVE-2019-20896	1 Webchess Project	1 Webchess	2020-07-09	7.5 HIGH	9.8 CRITICAL
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.

Vulnerabilities (CVE)