File upload functions are a favorite target for hackers, because they require your site to take a large chunk of data and write it to disk.
This gives attackers the opportunity to smuggle malicious scripts onto your server. If they can subsequently find a way to execute those scripts, they can compromise your entire system.
Let's see how an attack might work. This is based on a recent, real-world example.