diff --git a/CHANGELOG b/CHANGELOG
index f057422d1..2d14fe3e8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
+o [NSE][GH#1608] Script http-fileupload-exploiter failed to locate its resource
+ file unless executed from a specific working directory. [nnposter]
+
 o [NSE][GH#1571] The HTTP library now provides transparent support for gzip-
 encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an
 overview.) [nnposter]
diff --git a/scripts/http-fileupload-exploiter.nse b/scripts/http-fileupload-exploiter.nse
index b65b4c607..b771ae920 100644
--- a/scripts/http-fileupload-exploiter.nse
+++ b/scripts/http-fileupload-exploiter.nse
@@ -56,6 +56,7 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 local http = require "http"
 local io = require "io"
+local nmap = require "nmap"
 local string = require "string"
 local httpspider = require "httpspider"
 local shortport = require "shortport"
@@ -211,6 +212,16 @@ action = function(host, port)
 local foundfield = 0
 local fail = 0
+ local pixel = nil
+ local pixelfn = nmap.fetchfile("nselib/data/pixel.gif")
+ if pixelfn then
+ local fh = io.open(pixelfn, "rb")
+ pixel = fh:read("a")
+ fh:close()
+ end
+ if not pixel then
+ stdnse.debug1("Warning: Test file nselib/data/pixel.gif not found")
+ end
 local crawler = httpspider.Crawler:new( host, port, '/', { scriptname = SCRIPT_NAME } )
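Review bot: The result of `io.open(pixelfn, "rb")` in the added block is used unchecked, so if `nmap.fetchfile` resolves the path but the open itself fails (unreadable or truncated install file, permissions), `fh:read("a")` indexes nil and the whole script action errors out instead of degrading to the "not found" warning a few lines below. Change the open to `local fh, err = io.open(pixelfn, "rb")` and guard the read with `if fh then pixel = fh:read("a"); fh:close() else stdnse.debug1("Cannot open %s: %s", pixelfn, err) end`. Note also that an empty file yields `pixel == ""`, which is truthy, so the `if not pixel` check would not report it; `if not pixel or pixel == "" then` would cover that case. `stdnse` is used here but its `require` is not visible in this hunk, presumably it is already in the header; the body of `action` continues outside the hunk.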
@@ -300,16 +311,15 @@ action = function(host, port)
 end
 -- Method (3).
- local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
- local image = inp:read("a")
+ if pixel then
+ buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, pixel)
- buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, image)
-
- result = makeAndCheckRequests(uploadspaths)
- if result then
- table.insert(returntable, result)
- else
- fail = 1
+ result = makeAndCheckRequests(uploadspaths)
+ if result then
+ table.insert(returntable, result)
+ else
+ fail = 1
+ end
 end
 end
 else
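Review bot: With the new `if pixel then` guard, Method (3) is skipped silently when pixel.gif is unavailable: `fail` stays 0 and nothing is appended to `returntable`, so whatever reporting consumes `fail` later (outside this hunk) cannot distinguish a test that was skipped from one that ran and found nothing. The single debug1 warning emitted earlier in `action` is printed once, while this branch is reached per form, so the reader of the output has no local signal. Consider an explicit `else` branch, e.g. `else stdnse.debug2("Skipping Method (3): nselib/data/pixel.gif unavailable") end`, or setting `fail = 1` there if a skipped upload test should count as a failure for the callers of `fail`. The enclosing function `action` starts and ends outside the hunk.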