CVE-2023-22959

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
webchess_projectwebchess
𝑥
≤ 0.9.0
webchess_projectwebchess
1.0.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/chenan224/webchess_sqli_poc
https://sourceforge.net/p/webchess/bugs/84/
https://github.com/chenan224/webchess_sqli_poc
https://sourceforge.net/p/webchess/bugs/84/