CVE-2016-10770

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
Source: NIST
CVE-2016-10770