cPanel prior to 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
cpanel cpanel