/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache
# ------------------------------------------------------ # Imunify360 ModSecurity Rules # Copyright (C) 2026 CloudLinux Inc All right reserved # The Imunify360 ModSecurity Rules is distributed under # IMUNIFY360 LICENSE AGREEMENT # ------------------------------------------------------ # Imunify360 ModSecurity Base Ruleset SecRule REQUEST_METHOD "@streq POST" "id:77140836,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: RCE vulnerability in Joomla 3.4.6||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:task "@streq user.login" "chain,t:lowercase" SecRule ARGS:username "@contains \0" "t:none" SecRule REQUEST_FILENAME "@endsWith com_hdflvplayer/hdflvplayer/download.php" "id:77140845,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,t:normalizePath,msg:'IM360 WAF: Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability (CVE-2010-1219)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:f "@rx \.\.\/" "t:none,t:urlDecodeUni,t:normalizePath" SecRule REQUEST_FILENAME "@endsWith s5_media_player/helper.php" "id:77140847,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,t:normalizePath,msg:'IM360 WAF: Joomla Shape 5 MP3 Player 2.0 Local File Disclosure||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:fileurl "!@rx ^$" "t:none" SecRule REQUEST_METHOD "@rx ^POST$" "id:77140901,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla simplefileupload component File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith /modules/mod_simplefileuploadv1.3/elements/udd.php" "chain,t:none,t:normalizePath" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "@rx ^POST$" "id:77140902,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla com_facileforms component File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith /components/com_facileforms/libraries/jquery/uploadify.php" "chain,t:none,t:normalizePath" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "@rx ^POST$" "id:77140911,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla! com_extplorer Components File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith components/com_extplorer/uploadhandler.php" "chain,t:none,t:normalizePath" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "@rx POST" "id:77140929,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: Joomla com_rokdownloads Arbitrary File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith com_rokdownloads/assets/uploadhandler.php" "chain,t:none,t:normalizePath" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:lowercase" SecRule REQUEST_METHOD "@rx POST" "id:77140930,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: Joomla com_jbcatalog Arbitrary File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_URI "@rx com_jbcatalog/libraries/jsupload/server/php" "chain,t:none,t:normalizePath" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:lowercase" SecRule REQUEST_METHOD "@rx ^POST$" "id:77140931,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: Joomla com_alberghi Arbitrary File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith com_alberghi/upload.alberghi.php" "chain,t:none,t:normalizePath" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:none" SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:X-Forwarded-For "@rx JDatabaseDriverMysql" "id:77140932,phase:2,block,nolog,auditlog,severity:2,t:none,t:urlDecodeUni,msg:'IM360 WAF: Object Injection RCE vulnerability in Joomla (CVE-2015-8562)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule REQUEST_HEADERS "@rx (?i)O:\d+:[\x22\x27]\s{0,10}(?:JDatabaseDriver(?:Mysqli|Mysql)|JSimplepie(?:Factory)?|SimplePie)[\x22\x27]" "id:77788361,phase:1,block,nolog,auditlog,severity:5,t:none,t:urlDecodeUni,msg:'IM360 WAF: Joomla Object Injection Gadget Class in Joomla! CMS before 3.4.6 (CVE-2015-8562)||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule REQUEST_HEADERS "@rx \x7d[_a-zA-Z0-9]{1,64}\|O:\d{1,10}:" "id:77574846,phase:1,pass,nolog,auditlog,severity:5,t:none,t:urlDecodeUni,msg:'IM360 WAF: PHP Session Injection Pattern in Joomla! CMS before 3.4.6 (CVE-2015-8562)||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule REQUEST_METHOD "@rx ^POST$" "chain,id:77141002,phase:2,block,nolog,auditlog,severity:2,t:none,t:urlDecodeUni,msg:'IM360 WAF: Path traversal vulnerability in com_foxcontact component for Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@rx uploader\.php$" "chain,t:none" SecRule REQUEST_FILENAME "@contains /com_foxcontact/lib/" "chain,t:none,t:lowercase,t:normalizePath" SecRule &ARGS:cid "@gt 0" "chain,t:none" SecRule &ARGS:mid "@gt 0" "chain,t:none" SecRule ARGS:qqfile "@rx \.\.\/" "t:none" SecRule REQUEST_FILENAME "@endsWith /modules/tdpsthemeoptionpanel/tdpsthemeoptionpanelAjax.php" "id:77141003,chain,phase:2,block,nolog,auditlog,severity:2,t:normalizePath,msg:'IM360 WAF: File upload vulnerability in WooCommerce component for Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase" SecRule REQUEST_FILENAME "@endsWith /modules/pk_vertflexmenu/ajax/upload.php" "id:77141004,chain,phase:2,block,nolog,auditlog,severity:2,t:normalizePath,msg:'IM360 WAF: File upload vulnerability in WooCommerce component for Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase,t:urlDecode" SecRule ARGS:creativecontactform_upload "@rx \.\.\/\.\.\/\.\.\/" "id:77141037,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: Joomla Creative Contact Form 4.6.2 Directory Traversal (CVE-2020-9364)||RSV:8.02||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_METHOD "@rx ^POST$" "id:77142145,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla com_rokdownloads path traversal Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith com_rokdownloads/assets/uploadhandler.php" "chain,t:none,t:normalizePath" SecRule ARGS "@rx \.\.\/\.\.\/\.\.\/" "t:urlDecode" SecRule REQUEST_METHOD "@rx ^POST$" "id:77142147,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla com_oziogallery path traversal Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_URI "@rx \/components\/com_oziogallery\/imagin\/scripts_ralcr\/filesystem\/writeToFile\.php" "chain,t:none,t:normalizePath" SecRule ARGS:path "@rx \.\.\/\.\.\/\.\.\/" "t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77222520,chain,phase:2,block,nolog,auditlog,t:none,severity:2,msg:'IM360 WAF: Unauthorized account creation and modification in Joomla! before 3.6.4 (CVE-2016-8870 CVE-2016-9836)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule ARGS:task "@streq user.register" "chain,t:none,t:lowercase" SecRule REQUEST_FILENAME "@contains /component/users/" "t:none,t:normalizePath,t:lowercase" SecRule REQUEST_FILENAME "@contains /images/stories/" "id:77240000,chain,msg:'IM360 WAF: Protecting Joomla folder||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath,severity:2,tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith .php" "t:none,t:urlDecodeUni,t:lowercase" SecRule REQUEST_FILENAME "@endsWith plugins/jtreelink/dialogs/links.php" "id:77223130,chain,phase:2,block,nolog,auditlog,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,severity:2,msg:'IM360 WAF: SQL injection vulnerability in JCK Editor component 6.4.4 for Joomla (CVE-2018-17254)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:parent "@rx \x22" "t:none,t:urlDecodeUni" SecMarker IGNORE_SFS_SIG_XSS_SQLi_JC SecRule REQUEST_FILENAME "@pm com_sexycontactform com_creativecontactform" "id:77240010,chain,msg:'IM360 WAF: Protecting Joomla Creative Contact Form Files folder (CVE-2014-8739)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,t:none,t:lowercase,severity:2,tag:'joomla_core'" SecRule REQUEST_FILENAME "@rx \/com_(?:sexy|creative)contactform\/fileupload\/(files\/)?" "chain,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none,t:lowercase" SecRule &ARGS:option "@lt 1" "id:77316871,pass,phase:2,nolog,severity:5,skipAfter:MARKER_option,msg:'IM360 WAF: ARGS page optimization||RSV:8.02||T:APACHE||',tag:'noshow',tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith /administrator/index.php" "chain,id:77316875,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Missing input validation within the template manager in Joomla! v3.2.0-v3.9.24 (CVE-2021-23131)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_templates" "chain,t:none" SecRule ARGS:task "@streq template.overrides" "chain,t:none" SecRule ARGS:folder "@pm ( <" "t:none,t:htmlEntityDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77222770,chain,phase:2,block,nolog,auditlog,t:none,severity:2,msg:'IM360 WAF: Directory traversal vulnerability in K2 component 2.8.0 for Joomla (CVE-2018-7482)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_k2" "chain,t:none,t:lowercase" SecRule ARGS:target "@rx ^l1_(\w+)={0,2}$" "chain,capture,t:none" SecRule TX:1 "@contains .." "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222900,chain,phase:2,block,nolog,auditlog,t:none,severity:2,msg:'IM360 WAF: Arbitrary File Download vulnerability in Jtag Members Directory 5.3.7 component for Joomla (CVE-2018-6008)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_jtagmembersdirectory" "chain,t:none,t:lowercase" SecRule ARGS:download_file "@contains .." "t:none" SecRule REQUEST_METHOD "@rx GET|POST" "id:77318022,chain,msg:'IM360 WAF: Old style account creation and modification in Joomla!||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,severity:2,tag:'joomla_core'" SecRule ARGS:task "@rx register" "chain,t:none" SecRule REQUEST_FILENAME "@contains /component/users/" "t:none,t:normalizePath,t:lowercase" SecRule ARGS:option "@contains com_user" "id:77318023,chain,msg:'IM360 WAF: Old style account creation and modification in Joomla!||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,severity:2,tag:'joomla_core'" SecRule ARGS:view "@streq registration" "t:none" SecRule ARGS:option "@streq com_fireboard" "id:77140826,chain,msg:'IM360 WAF: SQL Injection vulnerability in Joomla FireBoard 1.1.3 (CVE-2009-4583)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,severity:2,t:none,tag:'joomla_plugin'" SecRule ARGS:func "@rx (?:fb_pdf|view|showcat)" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:catid|ARGS:Itemid "@rx '|\x22" "t:none,t:urlDecode" SecRule ARGS:option "@streq com_alphacontent" "id:77140828,chain,msg:'IM360 WAF: SQL Injection vulnerabilities in Joomla AlphaContent v3.x (CVE-2009-3438)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,severity:2,t:none,tag:'joomla_plugin'" SecRule &ARGS:section "@ge 1" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:limitstart|ARGS:id "@rx '|\x22" "t:none,t:urlDecodeUni" SecRule ARGS:option "@streq com_jomestate" "id:77140830,chain,msg:'IM360 WAF: SQL Injection vulnerabilities in Joomla JomEstate v4.1 (CVE-2018-6368)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,severity:2,t:none,tag:'joomla_plugin'" SecRule &ARGS:task "@ge 1" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:limitstart|ARGS:id|ARGS:Itemid|ARGS:tmpl "@rx '|\x22" "t:none,t:urlDecode" SecRule ARGS:option "@streq com_easygb" "id:77140832,chain,msg:'IM360 WAF: SQL Injection vulnerabilities in Joomla Easy GuestBook v1.0 (CVE-2009-4583)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,severity:2,t:none,tag:'joomla_plugin'" SecRule &ARGS:task "@ge 1" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:Itemid "@rx '|\x22" "t:none,t:urlDecode" SecRule REQUEST_METHOD "POST" "id:77140842,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_adsmanager" "chain,t:none,t:lowercase" SecRule ARGS:task "@streq upload" "chain,t:none,t:lowercase" SecRule ARGS:tmpl "@streq component" "chain,t:none,t:lowercase" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:none" SecRule REQUEST_METHOD "@streq POST" "id:77140843,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla Component com_fabrik File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_fabrik" "chain,t:none,t:lowercase" SecRule ARGS:view|ARGS:c "@streq import" "chain,t:none,t:lowercase" SecRule ARGS:filetype "@streq csv" "chain,t:none,t:lowercase" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:none" SecRule ARGS:option "@streq com_cckjseblod" "id:77140844,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Joomla com_cckjseblod Local File Download Vulnerability (2016-09-13)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:task "@streq download" "chain,t:none,t:lowercase" SecRule ARGS:file "@streq configuration.php" "t:none" SecRule REQUEST_METHOD "@streq POST" "id:77140846,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla jDownloads 1.0 Arbitrary File Upload||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_jdownloads" "chain,t:none,t:lowercase" SecRule ARGS:view "@streq upload" "chain,t:none,t:lowercase" SecRule &ARGS:Itemid "@gt 0" "chain,t:none" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:none" SecRule REQUEST_METHOD "@streq POST" "id:77140848,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla JCE 2.6.33 Arbitrary File Upload||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_jce" "chain,t:none,t:lowercase" SecRule ARGS:task "@streq plugin" "chain,t:none,t:lowercase" SecRule ARGS:plugin "@streq imgmanager" "chain,t:none,t:lowercase" SecRule ARGS:file "@streq imgmanager" "chain,t:none,t:lowercase" SecRule ARGS:method "@streq form" "chain,t:none,t:lowercase" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:none" SecRule REQUEST_METHOD "@streq POST" "id:77140849,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_myblog" "chain,t:none,t:lowercase" SecRule ARGS:task "@streq ajaxupload" "chain,t:none,t:lowercase" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:none" SecRule ARGS:option "@streq com_macgallery" "id:77140850,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Joomla com_macgallery 1.5 Arbitrary File Download (CVE-2014-0001)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:view "@streq download" "chain,t:none,t:lowercase" SecRule ARGS:albumid "@rx \.\.\/" "t:none" SecRule ARGS:option "@streq com_joomanager" "id:77140851,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Joomla com_Joomanager Arbitrary File Download (CVE-2017-18345)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:controller "@streq details" "chain,t:none,t:lowercase" SecRule ARGS:task "@streq download" "chain,t:none,t:lowercase" SecRule ARGS:path "!@rx ^$" "t:none" SecRule REQUEST_METHOD "@rx ^POST$" "id:77140875,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla Com_Fabrik 3.9 controller File Upload Vulnerability (CVE-2011-5004)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:option "@streq com_fabrik" "chain,t:none" SecRule ARGS:task "@streq plugin.pluginAjax" "chain,t:none" SecRule ARGS:plugin "@streq fileupload" "chain,t:none" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none" SecRule REQUEST_METHOD "@rx ^POST$" "id:77140904,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: FCKEditor Core 2.x 2.4.3 File Upload Vulnerability (CVE-2009-2265)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:option "@streq com_collector" "chain,t:none" SecRule ARGS:view "@streq filelist" "chain,t:none" SecRule ARGS:tmpl "@streq component" "chain,t:none" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none" SecRule ARGS:option "@streq com_b2jcontact" "id:77140905,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla Codextrous B2jcontact 2.1.17 File Upload Vulnerability (CVE-2017-5214)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:qqfile "@rx \.\.\/" "t:none" SecRule REQUEST_METHOD "@rx ^GET$" "id:77140923,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla Component Jreservation Blind SQLi Vulnerability (CVE-2009-3316)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:option "@streq com_content" "chain,t:none" SecRule ARGS:view "@streq article" "chain,t:none" SecRule ARGS:id|ARGS:limit_low "@rx [\)=*\/\|]" "t:none" SecRule REQUEST_METHOD "@rx POST" "id:77140933,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: Joomla JCE Arbitrary File Upload (CVE-2015-7339)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_jce" "chain,t:none,t:lowercase" SecRule ARGS:task "@streq plugin" "chain,t:none,t:lowercase" SecRule ARGS:plugin "@streq imgmanager" "chain,t:none,t:lowercase" SecRule ARGS:file "@streq imgmanager" "chain,t:none,t:lowercase" SecRule ARGS:json "@rx folderRename" "chain,t:none" SecRule ARGS:json "@rx \.htaccess|\.(pht|phtml|php\d?)" "t:lowercase" SecRule ARGS:option "@streq com_jwallpapers" "chain,id:77140999,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: File upload vulnerability in jwallpapers component for Joomla||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||',tag:'joomla_plugin'" SecRule ARGS:task "@streq upload" "chain,t:none" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase" SecRule REQUEST_METHOD "@rx ^POST$" "chain,id:77141000,phase:2,block,nolog,auditlog,severity:2,t:none,t:urlDecodeUni,msg:'IM360 WAF: File Upload Vulnerability in com_weblinks component dor Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_media" "chain,t:none" SecRule ARGS:tmpl "@streq component" "chain,t:none" SecRule ARGS:view "@streq images" "chain,t:none" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase" SecRule REQUEST_METHOD "@rx ^POST" "chain,id:77141001,phase:2,block,nolog,auditlog,severity:2,t:none,t:urlDecodeUni,msg:'IM360 WAF: Path traversal vulnerability in com_foxcontact component for Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_foxcontact" "chain,t:none" SecRule ARGS:view "@streq loader" "chain,t:none" SecRule ARGS:qqfile "@rx \.\.\/" "t:none" SecRule REQUEST_METHOD "@streq POST" "id:77141065,chain,phase:2,block,nolog,auditlog,t:none,severity:2,msg:'IM360 WAF: Joomla Component GMapFP 3.30 Arbitrary File Upload (CVE-2020-23971)||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:task "@streq upload_image" "chain,t:none,t:lowercase" SecRule ARGS:option "@streq comgmapfp" "chain,t:none,t:lowercase" SecRule ARGS:tmpl "@streq component" "chain,t:none,t:lowercase" SecRule ARGS:controller "@streq editlieux" "chain,t:none,t:lowercase" SecRule FILES "@rx (?i)\.(?:h?php[\ds]?|pht[m]?|s?p?html?|swf|xap|phar|inc|ctp|pl|pgif|cgi|htaccess|module|exe|js|suspected|ico)(?:\W|$)" "t:none" SecRule REQUEST_METHOD "@rx ^POST$" "id:77142115,chain,block,t:none,severity:2,msg:'IM360 WAF: SQLi in Joomla||RSV:8.02||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_users" "chain,t:none,t:urlDecodeUni" SecRule ARGS:task "@streq user.login" "chain,t:none,t:urlDecodeUni" SecRule ARGS:remember "@rx \W" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "@rx ^POST" "id:77142117,chain,block,nolog,auditlog,t:none,severity:2,msg:'IM360 WAF: SQLi vulnerability in Joomla||RSV:8.02||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_users" "chain,t:none" SecRule ARGS:task "@streq user.login" "chain,t:none" SecRule ARGS:username "@rx [\x22\:\\\]]" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@rx ^POST" "id:77142122,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: SQLi in com_content component for Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:option "@streq com_content" "chain,t:none" SecRule ARGS:task "@streq view" "chain,t:none" SecRule ARGS:id|ARGS:Itemid "@rx \D" "t:none" SecRule REQUEST_METHOD "@rx ^POST" "id:77142123,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: SQLi in com_content component for Joomla!||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith index.php" "chain,t:none" SecRule ARGS:task "@streq view" "chain,t:none" SecRule ARGS:option "@rx \W" "t:none,t:urlDecode" SecRule &ARGS:title "@gt 0" "id:77142127,chain,block,severity:2,t:none,msg:'IM360 WAF: XSS vulnerability in com_easydiscuss plugin for Joomla (CVE-2018-5263)||RSV:8.02||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule &ARGS:dc_content "@gt 0" "chain,t:none" SecRule &ARGS:poster_email "@gt 0" "chain,t:none" SecRule ARGS:option "@streq com_easydiscuss" "chain,t:none" SecRule ARGS:tags[] "@rx [\x22><']" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls" SecRule REQUEST_METHOD "@rx ^POST$" "id:77142149,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: Joomla JCE Editor path traversal Vulnerability||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule ARGS:option "@streq com_jce" "chain,t:none" SecRule ARGS:plugin|ARGS:file "@streq imgmanager" "chain,t:none" SecRule ARGS:upload-dir "@rx \.\.\/" "t:none" SecRule REQUEST_METHOD "@rx ^POST" "id:77142213,chain,phase:2,pass,nolog,auditlog,severity:5,t:none,msg:'IM360 WAF: Shell upload in Joomla 3.x||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith /administrator/index.php" "chain,t:none,t:normalizePath" SecRule ARGS:option "@streq com_templates" "chain,t:none" SecRule ARGS:view "@streq template" "chain,t:none" SecRule &ARGS:id "@gt 0" "chain,t:none" SecRule &ARGS:file "@gt 0" "chain,t:none" SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none" SecRule REQUEST_METHOD "@rx ^POST" "id:77350587,chain,phase:2,pass,nolog,auditlog,severity:5,t:none,msg:'IM360 WAF: Shell upload in Joomla 3.x||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||jform[source]==%{TX._JFS}||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@endsWith /administrator/index.php" "chain,t:none,t:normalizePath" SecRule ARGS:option "@streq com_templates" "chain,t:none" SecRule ARGS:view "@streq template" "chain,t:none" SecRule ARGS:jform[source] "@rx ." "chain,t:none,capture,setvar:tx._JFS=%{TX.0}" SecRule &ARGS:file "@gt 0" "chain,t:none" SecRule FILES "!@rx ^$" "t:none" SecRule REQUEST_FILENAME "@endsWith /index.php" "chain,id:77142214,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: SQLi in JM Car Classifieds CarAgent Templates Joomla Plugin||MVN:%{MATCHED_VAR_NAME}||RSV:8.02||T:APACHE||MV:%{MATCHED_VAR}||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_djclassifieds" "chain,t:none" SecRule ARGS:view "@pm item show showitem" "chain,t:none,t:lowercase" SecRule ARGS:id|ARGS:Itemid|ARGS:type|ARGS:layout|ARGS:cid|ARGS:uid|ARGS:se "@rx [\x22\']" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77223010,chain,msg:'IM360 WAF: XSS vulnerability in Joomla! before 3.8.12 (CVE-2018-15880)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_core'" SecRule ARGS:option "@streq com_users" "chain,t:none,t:lowercase" SecRule ARGS:jform[name] "@contains <" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77223300,chain,msg:'IM360 WAF: Directory Traversal vulnerability in Joomla before 3.9.5 (CVE-2019-10945)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_core'" SecRule ARGS:option "@streq com_media" "chain,t:none,t:lowercase" SecRule ARGS:folder "@contains .." "t:none" SecMarker Joomla_Skip_URF_223010 SecRule ARGS:option "@streq com_fields" "id:77222550,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,msg:'IM360 WAF: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 (CVE-2017-8917)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule ARGS:view "@streq fields" "chain,t:none,t:lowercase" SecRule REQUEST_FILENAME "!@contains /administrator/" "chain,t:none,t:lowercase" SecRule REQUEST_BASENAME "@within index.php" "chain,t:none,t:lowercase" SecRule ARGS:list[fullordering] "@rx [^\w\ \.]" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77222620,chain,msg:'IM360 WAF: SQL injection vulnerability in the iJoomla com_adagency plugin 6.0.9 for Joomla! (CVE-2018-5696)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option|ARGS:controller "@pm com_adagency adagencyadvertisers" "chain,t:none,t:lowercase" SecRule ARGS:advertiser_status|ARGS:status_select "@contains '" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222820,chain,msg:'IM360 WAF: SQL Injection vulnerability in AllVideos Reloaded 1.2.x component for Joomla (CVE-2018-5990)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_avreloaded" "chain,t:none,t:lowercase" SecRule ARGS:view "@streq popup" "chain,t:none,t:lowercase" SecRule ARGS:divid "@contains '" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77222830,chain,msg:'IM360 WAF: SQL Injection vulnerability in ccNewsletter 2.x component for Joomla (CVE-2018-5989)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_ccnewsletter" "chain,t:none,t:lowercase" SecRule ARGS:task "@streq removesubscriber" "chain,t:none,t:lowercase" SecRule ARGS:id "@contains '" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77223330,chain,msg:'IM360 WAF: XSS vulnerability in Creative Image Slider component 3.1.0 for Joomla||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_creativeimageslider" "chain,t:none,t:lowercase" SecRule ARGS|!ARGS:caption|!ARGS:custom_css|!ARGS:custom_js "@rx \x22" "t:none,t:urlDecode" SecMarker JC_Skip_URF_211250 SecRule REQUEST_METHOD "@pm GET POST" "id:77221600,chain,msg:'IM360 WAF: SQL injection vulnerability in Youtube Gallery component 4.x through 4.1.7 and possibly 3.x for Joomla! (CVE-2014-4960)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_youtubegallery" "chain,t:none,t:lowercase" SecRule ARGS:listid|ARGS:themeid "@rx \D" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77222650,chain,msg:'IM360 WAF: SQL injection vulnerability in Zh YandexMap 6.2.1.0 Zh BaiduMap 3.0.0.1 and Zh GoogleMap 8.4.0.0 for Joomla (CVE-2018-6582 CVE-2018-6604 2018-6605)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@rx ^com_zh(?:baidu|yandex|google)map$" "chain,t:none,t:lowercase" SecRule ARGS:id "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222670,chain,msg:'IM360 WAF: SQL injection vulnerability in the Gallery WD 1.3.6 component for Joomla! (CVE-2018-5981)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_gallery_wd" "chain,t:none,t:lowercase" SecRule ARGS:tag_id|ARGS:gallery_id "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222800,chain,msg:'IM360 WAF: SQL injection vulnerability in DT Register 3.2.7 component for Joomla (CVE-2018-6584)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_dtregister" "chain,t:none,t:lowercase" SecRule ARGS:controller "@streq category" "chain,t:none,t:lowercase" SecRule ARGS:id "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222930,chain,msg:'IM360 WAF: SQL injection vulnerability in JomEstate PRO through 3.7 component for Joomla (CVE-2018-6368)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_jomestate" "chain,t:none,t:lowercase" SecRule ARGS:id "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222960,chain,msg:'IM360 WAF: SQL injection vulnerability in Fastball 2.5 component for Joomla (CVE-2018-6373)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_fastball" "chain,t:none,t:lowercase" SecRule ARGS:season "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222980,chain,msg:'IM360 WAF: SQL injection vulnerability in OS Property Real Estate 3.12.7 component for Joomla (CVE-2018-7319)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_osproperty" "chain,t:none,t:lowercase" SecRule ARGS:cooling_system1|ARGS:heating_system1|ARGS:laundry "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77223060,chain,phase:2,pass,nolog,auditlog,severity:5,t:none,msg:'IM360 WAF: SQL injection vulnerability in Swap Factory 2.2.1 Raffle Factory 3.5.2 Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379 CVE-2018-17378 CVE-2018-17384)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:option "@within com_rafflefactory com_pennyfactory com_swapfactory" "chain,t:none,t:lowercase" SecRule ARGS:filter_order "!@rx ^[\w\-\.]+?$" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77223160,chain,msg:'IM360 WAF: SQL injection vulnerability in Zap Calendar Lite 4.3.4 component for Joomla||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_zcalendar" "chain,t:none" SecRule ARGS:eid "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77223190,chain,msg:'IM360 WAF: SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_socialpinboard" "chain,t:none,t:lowercase" SecRule ARGS:pin_id|ARGS:user_id|ARGS:ends|ARGS:uid "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77223270,chain,msg:'IM360 WAF: Multiple XSS vulnerabilities in the StackIdeas Komento before 1.7.3 for Joomla (CVE-2014-0793)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_komento" "chain,t:none,t:lowercase" SecRule ARGS:latitude "@rx \D" "t:none" SecMarker JC_Skip_URF_210940 SecRule ARGS:view "@streq product" "id:77223240,chain,msg:'IM360 WAF: SQLi vulnerability in J2Store plugin 3.x before 3.3.7 for Joomla! (CVE-2019-9184)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,t:lowercase,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_j2store" "chain,t:none,t:lowercase" SecRule ARGS:/^product_option\[/ "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222910,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: SQL injection vulnerability in Solidres 2.5.1 component for Joomla (CVE-2018-5980)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:option "@streq com_solidres" "chain,t:none,t:lowercase" SecRule ARGS:direction "!@within desc asc" "t:none,t:lowercase" SecRule REQUEST_COOKIES:/^[a-f0-9]{32}$/ "@rx ^(?:[a-z0-9]{26}|[a-z0-9]{32})$" "id:77222971,chain,msg:'IM360 WAF: CSRF vulnerability in JS Support Ticket 1.1.0 component for Joomla (CVE-2018-6007)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,severity:5,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_jssupportticket" "chain,t:none,t:lowercase" SecRule &ARGS:ticketid "@ge 1" "chain,t:none" SecRule REQUEST_HEADERS:Referer "!@contains %{SERVER_NAME}" "t:none,setvar:tx.rbl_infectors_rule=%{tx.rbl_infectors_rule}r77222971" SecRule ARGS:option "@streq com_extplorer" "id:77240030,chain,msg:'IM360 WAF: Possible Shell Upload Vulnerability in extplorer plugin for Joomla! (CVE-2013-5951)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,t:lowercase,severity:2,tag:'joomla_plugin'" SecRule FILES "@contains .php" "t:none,t:lowercase" SecRule REQUEST_METHOD "@pm GET POST" "id:77223380,chain,msg:'IM360 WAF: SQLi vulnerability in aWeb Cart Watching System for Virtuemart v1.0.7 for Joomla! (CVE-2016-10114)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option|ARGS:task "@pm com_content com_virtuemart smartsearch" "chain,t:none,t:lowercase" SecRule ARGS:option|ARGS:view "@rx \W" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77223400,chain,msg:'IM360 WAF: SQLi vulnerability in Spider Catalog component 3.0 for Joomla||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_spidercatalog" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:category_id "!@rx ^[\d\,]+$" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "@pm GET POST" "id:77222990,chain,msg:'IM360 WAF: SQL injection vulnerability in Google Map Landkarten 4.2.3 component for Joomla (CVE-2018-6396)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_gmap" "chain,t:none,t:lowercase" SecRule ARGS:cid|ARGS:id|ARGS:map "@contains '" "t:none,t:urlDecode" SecRule ARGS:option "@streq com_googlesearch_cse" "id:77222380,chain,msg:'IM360 WAF: XSS vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! (CVE-2015-6919)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:q "@rx \x22" "t:none,t:urlDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77222580,chain,msg:'IM360 WAF: SQL injection vulnerability in Joomla! Component JEXTN FAQ Pro 4.0.0 (CVE-2017-17875)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_jefaqpro" "chain,t:none,t:lowercase" SecRule ARGS:id "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222630,chain,msg:'IM360 WAF: SQL injection vulnerability in the SimpleCalendar 3.1.9 component for Joomla! (CVE-2018-5974)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',phase:2,block,nolog,auditlog,t:none,severity:2,tag:'joomla_plugin'" SecRule ARGS:option "@streq com_simplecalendar" "chain,t:none,t:lowercase" SecRule ARGS:view "@streq events" "chain,t:none,t:lowercase" SecRule ARGS:/catid\[\d+\]/ "@rx \D" "t:none" SecRule REQUEST_METHOD "@pm GET POST" "id:77222690,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: SQL injection vulnerability in JEXTN Classified 1.0.0 and JEXTN Reverse Auction 3.1.0 components for Joomla (CVE-2018-6575, CVE-2018-6579)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_plugin'" SecRule ARGS:option "@within com_jereverseauction com_jeclassifieds" "chain,t:none,t:lowercase" SecRule ARGS:id "@rx \x27|\x22|\(|\{|;|:\/\/|\$" "t:none,t:urlDecode" SecMarker MARKER_option SecRule REQUEST_URI "@rx \/api\/index.php\/v1\/(?:config\/application|users)" "id:77350169,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Improper access check in webservice endpoints in Joomla! (CVE-2023-23752)||MV:%{MATCHED_VAR}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule ARGS:public "!@rx ^$" "t:none" SecRule REQUEST_METHOD "@streq POST" "id:77350688,chain,phase:2,block,nolog,auditlog,severity:2,t:none,msg:'IM360 WAF: RCE via thumbnail generator in AcyMailing component for Joomla < 8.5.0||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule ARGS:content "@rx data:image/png;base64,PD(?:9waHA|89)" "t:none" SecRule REQUEST_URI "@contains /media/com_acym/images/thumbnails/" "id:77350689,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PHP execution blocked in AcyMailing thumbnails folder||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||RSV:8.02||T:APACHE||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@rx \.(?:php[\ds]?|pht(?:ml)?|phar)$" "t:none,t:normalizePath,t:lowercase"
.
Edit
..
Edit
000_i360_init.conf
Edit
001_i360_pass.conf
Edit
002_i360_basic.conf
Edit
003_i360_wp_logic.conf
Edit
004_i360_vectors.conf
Edit
005_i360_bruteforce.conf
Edit
006_i360_malware.conf
Edit
007_i360_custom.conf
Edit
008_i360_wordpress.conf
Edit
009_i360_joomla.conf
Edit
010_i360_drupal.conf
Edit
011_i360_otherapps.conf
Edit
012_i360_spam.conf
Edit
013_i360_generic.conf
Edit
014_i360_infectors.conf
Edit
015_i360_filescan.conf
Edit
016_i360_monitor.conf
Edit
017_i360_weak_pass.conf
Edit
018_Disable_WP_Redirect.conf
Edit
IM360-LICENSE.txt
Edit
RELEASE
Edit
VERSION
Edit
bl_agents
Edit
bl_chains
Edit
bl_db_list
Edit
bl_db_list_ext
Edit
bl_ips
Edit
bl_os_files
Edit
bl_path_files
Edit
bl_scanners
Edit
bl_uri
Edit
bl_web_files
Edit
bl_wpboost_uri
Edit
bl_xss_input
Edit
changelog.json
Edit
changelog.txt
Edit
cloudav_list
Edit
crawlers-google-iplist.data
Edit
crawlers-iplist.data
Edit
crawlers-ualist.data
Edit
danme_top100
Edit
detectlua.lua
Edit
inspectfile.lua
Edit
ip-record.db
Edit
java_data
Edit
malware_found.list
Edit
malware_found_b64.list
Edit
malware_standalone.list
Edit
malware_standalone_b64.list
Edit
path_traversal
Edit
php_data
Edit
rbl_whitelist
Edit
rce_uri
Edit
risky-actions.list
Edit
trap.lua
Edit
trap_cookie.lua
Edit
userdata_dirb_URLs.data
Edit