An issue exists in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
modsecurity owasp modsecurity core rule set 3.0.2 |