diff --git a/pandora_console/godmode/setup/file_manager.php b/pandora_console/godmode/setup/file_manager.php
index 6f54f2f0a8..272eab74f0 100644
--- a/pandora_console/godmode/setup/file_manager.php
+++ b/pandora_console/godmode/setup/file_manager.php
@@ -87,6 +87,22 @@ $create_text_file = (bool) get_parameter('create_text_file');
 $default_real_directory = realpath($config['homedir'].'/');
+$_FILES['file']['name'] = '../test3.jpeg';
+
+// Remove double dot in filename path.
+$file_name = $_FILES['file']['name'];
+$path_parts = explode('/', $file_name);
+
+$stripped_parts = array_filter(
+    $path_parts,
+    function ($value) {
+        return $value !== '..';
+    }
+);
+
+$stripped_path = implode('/', $stripped_parts);
+$_FILES['file']['name'] = $stripped_path;
+
 if ($upload_file === true) {
     upload_file(
         $upload_file,
diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index 94e16e822b..3242fadcb0 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
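Review bot: The first added line, `$_FILES['file']['name'] = '../test3.jpeg';`, is a hard-coded test value that overwrites the name of every uploaded file before the sanitising below runs, so no real upload can keep its own name; it has to be deleted before merge. The sanitiser itself only drops segments that are exactly `..`; every other segment and the `/` separators survive, so a name such as `a/b.jpeg` still carries a directory component into whatever consumes `$_FILES['file']['name']` later. Since this block also runs on every request to the page, not just uploads, it should be guarded and reduced to a single base-name step, for example `if (isset($_FILES['file']['name']) === true) {` / `    $_FILES['file']['name'] = basename(str_replace('\\', '/', $_FILES['file']['name']));` / `}`, with a rejection of a resulting `..` or empty name. It may be worth moving this into upload_file() in functions_filemanager.php, which reads `$_FILES['file']['name']` directly, so that every caller is covered rather than only this page.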
@@ -139,8 +139,25 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
     $nombre_archivo = sprintf('%s/%s', $real_directory, $filename);
     try {
         $mimeContentType = mime_content_type($_FILES['file']['tmp_name']);
+        $fileExtension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
-        if (empty($filterFilesType) === true || in_array($mimeContentType, $filterFilesType) === true) {
+        $validFileExtension = true;
+
+        if (empty($fileExtension) === false) {
+            $filtered_types = array_filter(
+                $filterFilesType,
+                function ($value) use ($fileExtension) {
+                    $mimeTypeExtensionName = explode('/', $value)[1];
+                    return $mimeTypeExtensionName === $fileExtension;
+                }
+            );
+
+            if (empty($filtered_types) === true) {
+                $validFileExtension = false;
+            }
+        }
+
+        if ($validFileExtension === true && (empty($filterFilesType) === true || in_array($mimeContentType, $filterFilesType) === true)) {
             $result = copy($_FILES['file']['tmp_name'], $nombre_archivo);
         } else {
             $error_message = 'The uploaded file is not allowed. Only gif, png or jpg files can be uploaded.';