CVE-2006-5014

HIGH

cPanel <10.9.0 - Privilege Escalation

Title source: llm

Description

Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Clint Torrez · perllocallinux

https://www.exploit-db.com/exploits/2466

View Code ZIP pw:eip

References (5)

[Various Sources] http://forums.cpanel.net/showthread.php?t=58134

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016913

[Patch, Vendor Advisory] http://secunia.com/advisories/22072

[Various Sources] http://changelog.cpanel.net/?build=&showall=1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20163

Scores

CVSS v3 8.8

EPSS 0.0280

EPSS Percentile 86.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (19)

cpanel/cpanel 5.0

cpanel/cpanel 5.3

cpanel/cpanel 6.0

cpanel/cpanel 6.2

cpanel/cpanel 6.4

cpanel/cpanel 6.4.1

cpanel/cpanel 6.4.2

cpanel/cpanel 6.4.2_stable_48

cpanel/cpanel 7.0

cpanel/cpanel 8.0

... and 9 more

Published Sep 27, 2006

Tracked Since Feb 18, 2026