cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).Referenceshttps://documentation.cpanel.net/display/CL/54+Change+Log
