This Metasploit module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".
1c02024d4a3f7042c08772f0fe212d3e817f272a686805a55db99a37717d3b29