Severity by source
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Description (CVE.org)
Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.
Analysis (AI)
SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. …
Recommended Action (AI)
Within 24 hours: inventory all cPanel/WHM deployments and identify which have Slow Query logging enabled (prioritize highest-risk systems first). …
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary f
Denial of service in the Cpanel::JSON::XS Perl module before version 4.41 allows remote attackers to crash any caller th
Type confusion in Cpanel::JSON::XS (Perl) versions before 4.41 allows remote attackers to crash a decoder by submitting
Privilege escalation in cPanel and WP Squared allows an authenticated team member account to elevate privileges to the t
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on
Same weakness CWE-89 – SQL Injection
EUVD-2026-30203
GHSA-7pf6-43fc-mx36