cPanel prior to 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
cpanel cpanel