This CTF answer from reddit/r/netsec seems like it'd be useful in a lot of situations. It's about using php://filter to create a weird encoding that tricks PHP into thinking that data is an image when it's not. Also note that the answer the CTF people were looking for was to upload a file using a .pht extension, since there's a large number of possibly valid file extensions that, depending on configuration, are executable. There's a really, really old Apache exploit like the correct answer, the details of which I can barely remember. It was something like this: uploading a file named image.php.jpeg [not a typo], with a correct jpg header and a php file in the image contents, would sometimes get it executed, since Apache wouldn't recognize .jpeg as an image file extension.
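A defensive check for the two filename tricks mentioned above (.pht and image.php.jpeg), as an added example that is not from the original post or the CTF: it rejects an upload if any dot-separated part of its name is an extension that some Apache/PHP configurations execute, and stores accepted files under a server-generated name. The extension lists and function names are assumptions for illustration and should be matched to the server's actual handler configuration.

```php
<?php
// Added example (not from the original post). Lists and names are illustrative assumptions.
// Extensions that some Apache/PHP configurations pass to the PHP interpreter.
const PHP_HANDLED = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar'];
// The only final extensions this upload endpoint accepts.
const ALLOWED_IMAGE = ['jpg', 'jpeg', 'png', 'gif'];

// Returns null when the client-supplied name is acceptable, else a rejection reason.
function rejectReason(string $clientName): ?string
{
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    array_shift($parts);                 // drop the stem, keep every extension
    if ($parts === []) {
        return 'no extension';
    }
    // Check every part, not just the last: image.php.jpeg must fail on "php".
    foreach ($parts as $ext) {
        if (in_array($ext, PHP_HANDLED, true)) {
            return "executable extension .$ext";
        }
    }
    $last = end($parts);
    return in_array($last, ALLOWED_IMAGE, true) ? null : "extension .$last not allowed";
}

// The stored name reuses nothing from the client except the vetted final extension.
function storedName(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the two from the text above.
foreach (['avatar.jpg', 'shell.pht', 'image.php.jpeg', 'photo.JPEG', 'notes.txt'] as $name) {
    $why = rejectReason($name);
    echo str_pad($name, 16), $why === null ? 'accept as ' . storedName($name) : "reject: $why", PHP_EOL;
}
```

The check works on names only; since the php://filter trick is about making data pass as an image, a content check by itself should not be the deciding control.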
Anyway, the much more interesting article: