We are pleased to announce that new updated WAF rulesets version 3.20 were released to production.
New protection rules:
- Shell Upload in Joomla 3.x
- SQLi in JM Car Classifieds CarAgent Templates Joomla Plugin
- Joomla Com_Fabrik Vulnerabilities
- GPON Routers - Authentication Bypass / Command Injection
- XSS in PW WooCommerce Bulk Edit
Improved rules protecting against:
- Joomla Com_Fabrik 3.9 controller File Upload Vulnerability
- Joomla Codextrous B2jcontact 2.1.17 File Upload Vulnerability (CVE-2017-5214)
- jQuery-File-Upload - Arbitrary File Upload (CVE-2018-9206)
- SQL injection in wpDiscuz plugin before 5.3.6 (CVE-2020-13640)
- System Command Injection
- Directory Traversal
- URI containing malicious URLs