cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
Published August 2, 2019.
Cpanel Cpanel
