webchess v1.0 exists to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webchess project webchess 1.0 |