Full title: ProcessMaker Open Source Authenticated PHP Code Execution 
Category: remote exploits
Platform: php
This Metasploit module exploits a PHP code execution vulnerability in the 'neoclassic' skin for ProcessMaker Open Source which allows any authenticated user to execute PHP code. The vulnerable skin is installed by default in version 2.x and cannot be removed via the web interface.

# 0day.today @ http://0day.today/