The SSL certificate-storage feature in cPanel prior to 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).
cpanel cpanel