cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).Referenceshttps://documentation.cpanel.net/display/CL/86+Change+Log
