Hii all,
Anyone know that why in studio in the files and uploads section users is able to upload php files and other type of extension files like .asp,.aspx etc which is necessary or not?
should block certain files if not needed to be added?
Thanks in Advance 
I think these are stored in a database, not on disk where a misconfigured web server might execute them – and I believe they are served with appropriate headers.
Please see https://github.com/openedx/.github/blob/master/SECURITY.md for how to report any security issues that you identify.