A part of filename may be spoofed if file is sent as a part of directory.
vulners.com/securityvulns/securityvulns:doc:11451