I'd like to have a directory on my web server, where I can host my random images that I can quickly upload using php script. but I have concerns about the security of this deal.
in a "root" directory I have two folders, "uploader" and "files". "uploader" is where my php upload scrips are. Its protected with .htaccess. And "files" where it uploads images. www-data has RWX and everyone else is R-X.
would it be possible for somebody to upload any files to "files" folder and possibly execute them? after all, apache can read write and execute. but my php scrips allows only image uploads.
please, give me a possible scenarios of what could happen. Thank you.