# AbanteCart 1.2.8 - Multiple SQL Injections sp.disable_function.function("define").filename_r("/static_pages/index\\.php$").var("$_SERVER[PHP_SELF]").value_r("\"").drop(); sp.disable_function.function("ModelToolBackup::createBackupTask").filename_r("/admin/model/tool/backup\\.php$").param("data[table_list]").value_r("'").drop(); sp.disable_function.function("ALanguageManager::_clone_language_rows").filename_r("/core/lib/language_manager\\.php$").param("from_language").value_r("[^0-9]").drop(); # Redaxo 5.2.0: Remote Code Execution via CSRF # See for details sp.disable_function.filename("/redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop(); # Guest Post: Vtiger 6.5.0 - SQL Injection sp.disable_function.filename("/modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop(); # The State of Wordpress Security # All In One WP Security & Firewall sp.disable_function.filename("/admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]").value_r("\"").drop(); # PHPKit 1.6.6: Code Execution for Privileged Users sp.disable_function.filename("/pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop(); # Coppermine 1.5.42: Second-Order Command Execution sp.disable_function.filename("/include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]").value_r("[^a-z0-9]").drop(); sp.disable_function.filename("/forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop(); # CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop(); sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();