This Topic is very important!
It seems to me that I protected my server by disable writing to the images directory.
I have a php script that injected into the images directory, like as ef245a0187359c78f346589bb7628562.php
I was unable to create a report on hackerone.com
Please take action!