cPanel prior to 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
cpanel cpanel