CVE-2006-6846

Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.

Published: Dec 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6846
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cybercoded / while_you_were_out_inout_board	1.0	1.0.x

http://secunia.com/advisories/23571
http://www.securityfocus.com/bid/21803
https://exchange.xforce.ibmcloud.com/vulnerabilities/31128
https://www.exploit-db.com/exploits/3032

Vulnerability Database

290,476

CVE-2006-6846