cPanel prior to 76.0.8 allows remote malicious users to execute arbitrary code via mailing-list attachments (SEC-452).
cpanel cpanel