This Metasploit module exploits a PHP code execution vulnerability in the 'neoclassic' skin for ProcessMaker Open Source which allows any authenticated user to execute PHP code. The vulnerable skin is installed by default in version 2.x and cannot be removed via the web interface.
eb45ad4835f0136226472801ecf8d83ecfdfe22caa02b7f28a680a48e9232df6