cPanel prior to 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
cpanel cpanel