This script is possibly vulnerable to arbitrary file creation.
This issue allows an attacker to influence calls to functions which create files/directories and create arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to create specific files.
This vulnerability allows attackers to create arbitrary files.
Your script should filter metacharacters from user input.
Acunetix Directory Traversal Attacks