Roflo1

**Name of the Vulnerable Software and Affected Versions** WebChess version 1.0 **Description** The issue allows SQL injection via the `messageFrom`, `gameID`, `opponent`, `messageID`, or `to` parameter. **Recommendations** For WebChess version 1.0, as a temporary workaround, consider restricting access to the parameters `messageFrom`, `gameID`, `opponent`, `messageID`, and `to` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.