This Metasploit module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.
5ba5bb643f31ecc62484733644b0696342aaba16644737ef5bd5784d1a739d0d