CVE-2022-28590 The original discovery and manual PoC is from tuando243: A Remote Code Execution (RCE) vulnerability exists in Pixelimity 10 via admin/admin-ajaxphp?action=install_theme This PoC uploads a simple webshell for further remote code execution This exploit expects from the server that system() function is allowed, otherwise some previous recon must be done in orde