This Metasploit module exploits an authenticated command
injection vulnerability in FusionPBX versions 4.4.3 and prior. The
exec.php file within the Operator Panel permits users with
operator_panel_view permissions, or administrator permissions, to
execute arbitrary commands as the web server user by sending a
system command to the FreeSWITCH event socket interface. This
module has been tested successfully on FusionPBX version 4.4.1 on
Ubuntu 19.04 (x64).
Read more https://packetstormsecurity.com/files/155344/fusionpbx_operator_panel_exec_cmd_exec.rb.txt