This sounds like a bug in the distro packaging of the module, or maybe in Grub. You don’t want to try and install any kernel package, or make your default boot option any kernel package, that the wifi driver package doesn’t declare compatibility with.
But nobody’s package manager knows to do this by default when the driver package is installed, and most packaging systems might not even be able to articulate that constraint.
I mean if you put up an Internet-facing unauthenticated file acceptor it will quickly become stuffed with all sorts of garbage and aspiring malware. You definitely don’t want to hook that up to an untar and exec loop, even with some notion of sandboxing. It will just start mining Bitcoins or sending spam or something.
But if it is built properly, with only authorized users being able to upload stuff, and a basic understanding of not dropping stuff where the web server will happily execute every PHP web shell someone sticks in the slot, and the leverage to threaten people into not uploading pictures of their own or others’ butts or Iron Man (2009), I don’t see why all but the file-uploading professionals should immediately give up.
That certainly sounds like a thing you would want, nay need, to fix.