diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index 50ca449123..aee3d88730 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@@ -125,9 +125,22 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
         if (isset($_FILES['file']) === true && empty($_FILES['file']['name']) === false) {
             $filename       = $_FILES['file']['name'];
             $real_directory = filemanager_safe_directory($destination_directory);
-            $umask          = io_safe_output((string) get_parameter('umask'));
+            $extension = pathinfo($filename, PATHINFO_EXTENSION);
 
-            if (strpos($real_directory, $default_real_directory) !== 0) {
+            $umask          = io_safe_output((string) get_parameter('umask'));
+            $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
+            $parse_sec2_query = explode('=', $parse_all_queries[1]);
+            $check_extension = true;
+            if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') {
+                if ((strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) {
+                    $check_extension = false;
+                } else {
+                    $check_extension = true;
+                }
+            }
+
+            // (strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')
+            if (strpos($real_directory, $default_real_directory) !== 0 || $check_extension === false) {
                 // Perform security check to determine whether received upload
                 // directory is part of the default path for caller uploader and
                 // user is not trying to access an external path (avoid
@@ -177,14 +190,31 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
 
     // Upload zip.
     if ($upload_zip === true) {
+        $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
+        $parse_sec2_query = explode('=', $parse_all_queries[1]);
         if (isset($_FILES['file']) === true
             && empty($_FILES['file']['name']) === false
         ) {
             $filename = $_FILES['file']['name'];
             $filepath = $_FILES['file']['tmp_name'];
             $real_directory = filemanager_safe_directory($destination_directory);
+            $secure = true;
+            if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') {
+                // Security control structure.
+                $zip = new \ZipArchive;
+                if ($zip->open($filepath) === true) {
+                    for ($i = 0; $i < $zip->numFiles; $i++) {
+                        $unzip_filename = $zip->getNameIndex($i);
+                        $extension = pathinfo($unzip_filename, PATHINFO_EXTENSION);
+                        if (strtolower($extension) !== 'mib') {
+                            $secure = false;
+                            break;
+                        }
+                    }
+                }
+            }
 
-            if (strpos($real_directory, $default_real_directory) !== 0) {
+            if (strpos($real_directory, $default_real_directory) !== 0 || $secure === false) {
                 // Perform security check to determine whether received upload
                 // directory is part of the default path for caller uploader
                 // and user is not trying to access an external path (avoid