It's possible to hide malicious code in an svg (it's likely scannable and easy to detect but there's probably not much point seen in taking the risk).

A simple way svg can be used for hacking would be by adding a closing svg tag inside the image you've uploaded and then adding your onw html/javascript/php straight after it (you can add a closing svg at the end of that too to get it to be less likely to be detected - I'm posting this as an example because I don't expect it to work ANYWHERE).