Directory traversal on file upload.
vulners.com/securityvulns/securityvulns:doc:26134
vulners.com/securityvulns/securityvulns:doc:27426