This Metasploit module exploits a vulnerability found in PHP Volunteer Management System, versions 1.0.2 and prior. This application has an upload feature that allows an authenticated user to upload anything to the 'uploads' directory, which is actually reachable by anyone without a credential. An attacker can easily abuse this upload functionality first by logging in with the default credential (admin:volunteer), upload a malicious payload, and then execute it by sending another GET request.
a9247fc86c26d352083bf798cdd011abca8e533b47fe3653ae48f91b1a8c9e3b
PHP Volunteer Management System version 1.0.2 suffers from cross site scripting and shell upload vulnerabilities.
5dda1338ca319b4adddc456481f9f1b5cd07d77f0275192f85b5454e36568928