CVE-2006-6846 Information

Description

Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp (2) the catcode parameter in (b) faqDsp.asp and the (3) Username and (4) Password fields in (c) login.asp.

Reference

http://secunia.com/advisories/23571 http://www.securityfocus.com/bid/21803 https://exchange.xforce.ibmcloud.com/vulnerabilities/31128 https://www.exploit-db.com/exploits/3032