CVE-2018-20914 (v3: 7.3)
1 Aug 2019
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).