CVE-2023-39851

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 15, 2023
Updated: Aug 2, 2024
CWE ID 89

Summary

CVE-2023-39851 is a SQL injection vulnerability identified in webchess v1.0. The issue lies in the mainmenu.php file, which is susceptible to attacks through the $playerID parameter. However, it's important to note that this vulnerability is disputed by a third party, who claims that the playerID is a session variable controlled by the server and cannot be manipulated by users for exploitation. Despite this dispute, the potential for SQL injection attacks is a significant security risk, and affected users are advised to upgrade to a patched version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share