UnknownSec Bypass 403

: /var/www/santgyaneshwarji/cpanel/ [ drwxr-xr-x ]
name : update_news.php <?php include "../config.php"; if(empty($_FILES['new-image']['name'])){ $image_name=$_POST['old_image']; }else { $error=array(); $removefilename="news_images/".$_POST['old_image']; unlink($removefilename); $file_name=$_FILES['new-image']['name']; $file_size=$_FILES['new-image']['size']; $file_tmp=$_FILES['new-image']['tmp_name']; $file_type=$_FILES['new-image']['type']; $file_ext=strtolower(end(explode('.',$file_name))); $extensions=array("jpeg","jpg","png"); if(in_array($file_ext,$extensions)===false){ $error[]="This extension file is not allowed, Please choose a JPG or PNG file."; } if($file_size > 2097152) { $error="File size must be 2mb or lower."; } $new_name=time()."-".basename($file_name); $target="news_images/".$new_name; $image_name=$new_name; if(empty($errors)==true){ move_uploaded_file($file_tmp,$target); }else{ print_r($error); die(); } } //image uploading /*if($_FILES['fileToUpload']['name']){ move_uploaded_file($_FILES['fileToUpload']['tmp_name'], "news_images/".$_FILES['fileToUpload']['name']); $img = "news_images/".$_FILES['fileToUpload']['name']; }*/ //$newsid=mysqli_real_escape_string($conn, $_POST['newsid']); $newstitle=mysqli_real_escape_string($conn, $_POST['newstilte']); $description=mysqli_real_escape_string($conn, $_POST['long_desc']); $date=date("d M, Y"); $data="0"; $sql="UPDATE newstb SET newstitle='{$_POST["newstitle"]}', long_desc='{$_POST["long_desc"]}',image_name='{$image_name}' WHERE id={$_POST["newsid"]};"; if(mysqli_multi_query($conn, $sql)) { $data="1"; } echo json_encode($data); ?>