: The "image" could contain a Web Shell, allowing an attacker to run commands on the server.

Common PHP Image Functions
: A security filter might only check the last extension (.jpeg) and assume the file is a safe image. However, if the web server (like Apache) is misconfigured, it might execute the file as a PHP script because it sees the .php part of a name such as image.php.jpeg.
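The last-extension check described above, next to a stricter upload check, as an added example that is not code from the original page. The function names, the allowlist and the sample uploads are constructed for illustration.

```php
<?php
// Added example: function names and sample data are constructed.

// The weak filter described above: only the last extension is inspected.
function last_extension_is_image(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true);
}

// Stricter filter: exactly one extension, taken from an allowlist, and the
// first bytes of the content must match the signature of that image type.
function upload_is_acceptable(string $name, string $bytes): bool
{
    $signatures = [
        'jpg'  => "\xFF\xD8\xFF",
        'jpeg' => "\xFF\xD8\xFF",
        'png'  => "\x89PNG\r\n\x1A\n",
        'gif'  => "GIF8",
    ];
    // Drop any client-supplied directory part, then split on every dot.
    $base  = basename(str_replace('\\', '/', $name));
    $parts = explode('.', strtolower($base));
    // Require "stem.ext" only: image.php.jpeg has three parts and is refused.
    if (count($parts) !== 2 || !isset($signatures[$parts[1]])) {
        return false;
    }
    // The stem may contain only plain characters (also refuses an empty stem).
    if (!preg_match('/^[a-z0-9_-]+$/', $parts[0])) {
        return false;
    }
    $sig = $signatures[$parts[1]];
    return strncmp($bytes, $sig, strlen($sig)) === 0;
}

// Constructed sample uploads: [client file name, leading content bytes].
$jpegHeader = "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16);
$samples = [
    ['photo.jpeg',     $jpegHeader],
    ['image.php.jpeg', $jpegHeader],
    ['photo.jpeg',     'plain text, not image data'],
];
foreach ($samples as [$name, $bytes]) {
    printf("%-16s last-ext=%s strict=%s\n", $name,
        var_export(last_extension_is_image($name), true),
        var_export(upload_is_acceptable($name, $bytes), true));
}
```

Matching leading bytes does not show that the rest of the file is free of script, so the web server configuration still needs to avoid treating a .php segment inside a longer file name as a reason to run the file.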
A script (e.g., image.php) fetches data, processes an image resource, and sends a header like Content-Type: image/jpeg to the browser.