CVE-2023-39851

Name of the Vulnerable Software and Affected Versions webchess version 1.0

Description A SQL injection issue was discovered in webchess via the $playerID parameter at the "mainmenu.php" endpoint. However, it is disputed by a third party who claims that the $playerID is a session variable controlled by the server, potentially limiting its exploitability.

Recommendations For webchess version 1.0, as a temporary workaround, consider restricting access to the "mainmenu.php" endpoint or validating and sanitizing the $playerID parameter to minimize the risk of exploitation.