Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:39706
HistoryMar 12, 2023 - 4:51 p.m.

Authorization Bypass

2023-03-1216:51:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
modsecurity
crs buster
authorization bypass
php
script uploads

0.001 Low

EPSS

Percentile

29.9%

modsecurity-crs:buster is vulnerable to Authorization Bypass. Use of X.Filename instead of X_Filename by an attacker may allow bypassing some PHP script uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.

0.001 Low

EPSS

Percentile

29.9%