This Metasploit modules exploits a vulnerability found in WebCalendar versions 1.2.4 and below. If not removed, the settings.php script meant for installation can be updated by an attacker with injected code. This allows arbitrary code execution as www-data.
29b4c547a774b448684e25b5a3790447dba6bd3752a031b9b5ce3b8d549c07cb