cPanel prior to 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
cpanel cpanel