This Metasploit module uses administrative functionality
available in FusionPBX to gain a shell. The Command section of the
application permits users with exec_view permissions, or superadmin
permissions, to execute arbitrary system commands, or arbitrary PHP
code, as the web server user. This module has been tested
successfully on FusionPBX version 4.4.1 on Ubuntu 19.04
(x64).
Read more https://packetstormsecurity.com/files/155343/fusionpbx_exec_cmd_exec.rb.txt