This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.
9898d80071dec7ddeb79d05a6d3e6a34bfd2027a8c1422f650410e9a1cb4219c
rConfig version 3.9.6 suffers from a remote shell upload vulnerability.
6644b5820c9bc01a355dc6fe4af61dde28e1ed65ab45d8a1dd89e914c886592c