PHP shell function 'shell_exec' is used. There is no sign of a vulnerability.

Finished scanning, we have 3 findings.

(Interesting) SQL query and a user controlled variable are concaternated. That does not sound good but is no direct indication of a vulnerability as the variable could be filtered or checked.

Uploaded files are handled with 'move_uploaded_file'. Could be a interesting start for research.