A friend with a site on my cPanel RH9 server had its MIME type for .jpg changed to: application/x-httpd-php under "user defined.

He's saying he did not do it...

Could he have done it by mistake... or can this be changed thru other program like a php board?

I am just trying to figure out if we have a security issue or not...

yeah could be some program created .htaccess file and defined it there

goto his home dir cd ~hislogin/public_html and find. -name .htaccess -ls

see when the file is created and in which dir