without the need of some sort of vulnerability while in the code alone, you can't execute picture documents as PHP files, as any respectable server would not enable this. it's the EXIF processing which can be extra https://susanomwg449457.aboutyoublog.com/31538484/detailed-notes-on-jpg-exploit