CVE-2026-29206

Summary

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

Affected Software

VendorProductVersion RangeStatus
WebProscPanel11.136.0.0 < 11.136.0.10affected
WebProscPanel11.134.0.0 < 11.134.0.26affected
WebProscPanel11.132.0.0 < 11.132.0.32affected
WebProscPanel11.130.0.0 < 11.130.0.23affected
WebProscPanel11.126.0.0 < 11.126.0.59affected
WebProscPanel11.124.0.0 < 11.124.0.38affected
WebProscPanel11.118.0.0 < 11.118.0.67affected
WebProscPanel11.110.0.0 < 11.110.0.119affected
WebProscPanel11.102.0.0 < 11.102.0.42affected
WebProscPanel11.94.0.0 < 11.94.0.31affected
WebProscPanel11.30.0.0 < 11.86.0.44affected
WebProsWP Squared11.136.1.0 < 11.136.1.12affected
WebProscPanel (CloudLinux 6, CentOS 6)11.110.0.0 < 11.110.0.118affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References