PT-2006-7443 · Wywo · While You Were Out (Wywo) Inout Board

Ajann · Published 2006-12-31 · Updated 2017-10-19 · CVE-2006-6846

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: While You Were Out (WYWO) InOut Board version 1.0
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through multiple parameters and fields, including the num parameter in the "phonemessage.asp" endpoint, the catcode parameter in the "faqDsp.asp" endpoint, and the Username and Password fields in the "login.asp" endpoint.
Recommendations: For While You Were Out (WYWO) InOut Board version 1.0, consider restricting access to the vulnerable endpoints and fields until a patch is available. As a temporary workaround, avoid using the num parameter in "phonemessage.asp", the catcode parameter in "faqDsp.asp", and the Username and Password fields in "login.asp" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
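
An added example, not part of the advisory or of the product's code: one way to watch for abuse of these endpoints while they remain exposed is to scan request logs for the num and catcode parameters named above and report values outside an allow-list. The log layout, the sample lines and the allow-list pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Endpoint -> query parameter named in the advisory. login.asp is omitted:
# its Username/Password are form fields, which request logs do not usually record.
WATCHED = {"/phonemessage.asp": "num", "/faqdsp.asp": "catcode"}

# Assumption: legitimate values are short identifiers. Anything else is reported.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Constructed sample lines: date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2006-12-30 10:01:12 192.0.2.10 GET /wywo/phonemessage.asp num=12 200
2006-12-30 10:01:40 192.0.2.77 GET /wywo/PhoneMessage.asp NUM=12%27 500
2006-12-30 10:02:03 192.0.2.77 GET /wywo/faqDsp.asp catcode=3%2527 200
2006-12-30 10:02:30 192.0.2.10 GET /wywo/faqDsp.asp catcode=3&page=2 200
2006-12-30 10:03:00 192.0.2.10 GET /wywo/default.asp - 200
"""

def suspicious_requests(log_text):
    """Return (client_ip, endpoint, decoded_value) for each watched parameter
    whose value falls outside the allow-list."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[0].startswith("#"):
            continue  # skip W3C header lines and malformed rows
        _, _, client_ip, _, stem, query, _ = fields
        # IIS paths and ASP parameter names are case-insensitive.
        endpoint = "/" + stem.lower().rsplit("/", 1)[-1]
        param = WATCHED.get(endpoint)
        if param is None or query == "-":
            continue
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != param:
                continue
            # parse_qsl decodes once; decode again to catch double-encoded input.
            decoded = unquote(value)
            if not SAFE_VALUE.fullmatch(decoded):
                hits.append((client_ip, endpoint, decoded))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same allow-list can be enforced at a reverse proxy or request filter in front of the application, so that non-conforming values are rejected as well as reported.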


Related Identifiers

CVE-2006-6846

Affected Products

While You Were Out (Wywo) Inout Board