This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.

But in the php script it does not clarify it

If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site