Vulnerable file upload functionality that users can upload files. Although almost all files with extensions like php, phtml, etc. have been prevented, an attacker can still upload phps files and remote code execute .
The Apache server which is hosting the web application need to have the ability to execute the phps file