By sending a standard HTTP POST request to this file, an unauthenticated attacker could include arbitrary PHP code in the request body. If the payload began with the
Look for POST requests to: