A CRLF injection in the cPanel/WHM login flow lets unauthenticated attackers write user=root into a session file. Active exploitation includes Mirai variants and a ransomware strain called "Sorry." Here's what to patch and how.