diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e35019d..bf87dcf2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Release Notes
+## WIP
+
+- Prevent uploading php files in assets manager
+
 ## 2.4.0 (2023-03-08)
 - Add additional security check editing php files in finder
diff --git a/modules/Assets/bootstrap.php b/modules/Assets/bootstrap.php
index 185b2ba4..e1c529f4 100644
--- a/modules/Assets/bootstrap.php
+++ b/modules/Assets/bootstrap.php
@@ -80,6 +80,11 @@
 $_isAllowed = $allowed === true ? true : preg_match("/\.({$allowed})$/i", $_file);
 $_sizeAllowed = $max_size ? filesize($files['tmp_name'][$i]) < $max_size : true;
+ // prevent uploading php files
+ if ($_isAllowed && pathinfo($_file, PATHINFO_EXTENSION) === 'php') {
+ $_isAllowed = false;
+ }
+
 if (!$files['error'][$i] && $_isAllowed && $_sizeAllowed && move_uploaded_file($files['tmp_name'][$i], $_file)) {
 $_files[] = $_file;
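Review bot: The new extension check in the bootstrap.php hunk is case-sensitive, so a name whose extension differs only in case is not refused, while the `$allowed` pattern two lines above it is matched with the `/i` flag; normalising first with `$_ext = strtolower((string) pathinfo($_file, PATHINFO_EXTENSION));` keeps the two checks consistent. Only the literal `php` extension is blocked, but typical PHP server configurations also hand `.phtml`, `.phar`, `.phps` and the versioned `.php3`–`.php8` suffixes to the interpreter, so a short deny list tested with `if (in_array($_ext, ['php', 'phtml', 'phar', 'phps', 'php3', 'php4', 'php5', 'php7', 'php8'], true)) {` is safer than a single comparison. The check inspects only the final extension, which is right for handler configs keyed on it; if the deployment maps on any `.php` segment in the name (Apache `AddHandler` style), that case needs confirming separately. The `$_isAllowed &&` prefix in the new condition is redundant, since the body only ever clears the flag. The enclosing upload loop starts and ends outside the hunk.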