: Allowing bad actors to upload executable code (such as malicious PHP webshells) directly to the server.