CVE-2018-20907

cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).