CVE-2023-39851
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-39851 is a SQL injection vulnerability identified in webchess v1.0. The issue lies in the mainmenu.php file, which is susceptible to attacks through the $playerID parameter. However, it's important to note that this vulnerability is disputed by a third party, who claims that the playerID is a session variable controlled by the server and cannot be manipulated by users for exploitation. Despite this dispute, the potential for SQL injection attacks is a significant security risk, and affected users are advised to upgrade to a patched version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.