|It depends entirely on the rule set that you're using. It's possible that you've got a content-type on the upload that ModSec doesn't like, or that you're using something other than POST to send a file and it doesn't like that, or even that it's tuned to completely disallow uploads.
The logs ModSec is generating will tell you which rule is getting triggers, and should help you figure out how to resolve the issue.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor