If your website allows anonymous remote users to upload data, you must be very careful about the vulnerabilities that file uploading introduces. First, check for path traversal vulnerabilities: the name of an uploaded file may be something like '../../xyz.abc', so be sure to take the necessary precautions. A file with the same name may already exist in the destination directory, which can cause data to be overwritten, so an automatic renaming algorithm must be in place. A file extension may give the wrong impression of the file's content; check the file header to be sure of the content type. Before a file is opened, virus detection software must be used to avoid virus attacks. File size must be restricted to avoid storage exhaustion. Compressed files (such as *.zip) require extra care, as a self-referencing directory may consume valuable system resources.
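
The sketch below is an added example, not code from the referenced page. It combines four of the checks above (size limit, path traversal, header check, automatic renaming) in one storage routine. The names `safe_name`, `store_upload`, `UploadRejected`, the 1 MiB limit and the allow-list of types are assumptions made for illustration; virus scanning and archive handling are not covered.

```python
import os
import secrets
from pathlib import Path

MAX_BYTES = 1024 * 1024  # assumed per-file limit (1 MiB)
# Assumed allow-list: extension -> bytes the file header must start with.
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".gif": b"GIF8", ".pdf": b"%PDF-"}

class UploadRejected(Exception):
    """Raised when an upload fails one of the checks."""

def safe_name(client_name: str) -> str:
    # Keep only the last path component ('/' and '\' both count), then
    # drop everything outside a conservative character set.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    base = "".join(c for c in base if c.isalnum() or c in "._-").lstrip(".")
    if not base:
        raise UploadRejected("no usable file name")
    return base

def store_upload(dest_dir: str, client_name: str, data: bytes) -> Path:
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    stem, ext = os.path.splitext(safe_name(client_name))
    ext = ext.lower()
    magic = MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        raise UploadRejected("header does not match an allowed type")
    dest = Path(dest_dir).resolve()
    name = stem + ext
    while True:
        target = dest / name
        try:
            # O_EXCL makes creation fail instead of overwriting (or
            # following a symlink) when the name is already taken.
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
            break
        except FileExistsError:
            name = f"{stem}-{secrets.token_hex(4)}{ext}"  # automatic rename
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    return target
```

The file name '../../xyz.abc' from the text is reduced to 'xyz.abc' and then rejected because '.abc' is not on the allow-list; a name such as '../../evil.png' with a valid PNG header is stored as 'evil.png' inside the destination directory.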
Reference: http://shsc.info/FileUploadSecurity

