Inject PHP code inside a Moodle site

I was doing a penetration test on a Moodle site version 3.10.4 (For educational purposes)

I gained access to administrator panel, however, apache doesn’t have access to the plugins dir, so I can’t upload shell using Plugins section inside Administrator Panel

According to Moodle version (3.10.4), Do you have any other idea for uploading php file inside the site?

Thanks.