This module exploits a vuln found in PhpTax. When generating a PDF, the icondrawpng() function in drawimage.php does not properly handle the pfilez parameter, which will be used in a exec() statement, and results in arbitrary code execution.