Vulnerabilities > Webchess Project

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-39851 SQL Injection vulnerability in Webchess Project Webchess 1.0
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
network
low complexity
webchess-project CWE-89
critical
9.8
2023-01-11 CVE-2023-22959 SQL Injection vulnerability in Webchess Project Webchess 0.9.0/1.0.0
WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).
network
low complexity
webchess-project CWE-89
8.8
2020-07-07 CVE-2019-20896 SQL Injection vulnerability in Webchess Project Webchess 1.0
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.
network
low complexity
webchess-project CWE-89
critical
9.8