This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
Source: Kleophatra 0.1.5 TinyBrowser File Upload Code Execution