cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).Referenceshttps://documentation.cpanel.net/display/CL/72+Change+Log
