The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.