This Metasploit module exploits a vulnerability in MobileCartly. The savepage.php file does not do any permission checks before using file_put_contents(), which allows any user to have direct control of that function to create files under the 'pages' directory by default, or anywhere else as long as the user has WRITE permission.
d2b93bba6358674606a2931cdca65cfb7a3dc0f305c1159a3307f8e62152044e