This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.
You can download it from the following link: https://packetstormsecurity.com/files/download/163678/exploiting-psup.pdf
Source: https://packetstormsecurity.com/files/163678/Exploiting-PHP_SESSION_UPLOAD_PROGRESS.html