Aggregates CVE and security vulnerability intelligence across all webchess_project-related products, including CVSS scores, EPSS percentages, and publication dates.
The common weakness pattern is SQL injection, with potential data exposure impact across production workloads and software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-39851 | webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation. | [email protected] | 9.8 | 0.36% | 2023-08-15 | 2025-07-03 |
| CVE-2023-22959 | WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName). | [email protected] | 8.8 | 0.34% | 2023-01-11 | 2025-04-07 |
| CVE-2019-20896 | WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. | [email protected] | 9.8 | 0.24% | 2020-07-07 | 2024-11-21 |