This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
7c1e06a8368ff3ba80da09ec39f138b29b87f7223b028687a6f1c5149cc3a95f