This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.
5f8de96e6ea32234373a0a7a5100ed196a91a7eb2302465bc03aeaa9b7bfff70
Log1CMS version 2.0 remote code execution exploit that leverages ajax_create_folder.php.
e42cee700505621b6ad1fce6c51c6c98f6b151986a1cc0d80ea0e471e27e2e1d