c99shell.php is hacking tool like backdoor. if the file is uploaded on website ,attacker can control the server.
I’ve tried other cases (for instance .php.png or other) . changed file extension of pictures can use like upside way. it’s very old attack method ,I think you should check and investigate it for filtering ??
p.s When we upload on “file upload of main wordpress”, php.jpg file changed like php_.jpg. under bar added behind ‘php’ and the php file can’t be excuted as a php file.
Thank you
Donghyun
