modsecurity-crs:buster is vulnerable to Authorization Bypass. Use of X.Filename
instead of X_Filename
by an attacker may allow bypassing some PHP script uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
CPE | Name | Operator | Version |
---|---|---|---|
modsecurity-crs:buster | eq | 3.1.0-1+deb10u1 | |
modsecurity-crs:buster | eq | 3.1.0-1+deb10u1 |