cPanel prior to 84.0.20 allows malicious users to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
cpanel cpanel