There's a recent security bug in ImageMagick (fixed with 7.0.1-7) that executed code from the upload (or target?) filename.
German article: http://www.heise.de/security/meldung/Luecke-in-ImageMagick-und-GraphicsMagick-ermoeglicht-erneute-Angriffe-3223811.html
Are there chances that MediaWiki is not affected? I have big time trouble upgrading IM on Ubuntu 14.04.
I disabled local upload for now.