File Upload Bypass → Remote Code Execution
POC→
1. Tested file upload feature accepting only images
2. Uploaded a PHP shell disguised as shell.php.jpg
3. Server stored file without proper validation
4. Accessed the uploaded file via public URL
5. Server executed the PHP payload
