Fgsch

**Name of the Vulnerable Software and Affected Versions** OWASP ModSecurity Core Rule Set (CRS) version 3.0.2 **Description** An issue was discovered where the use of `X.Filename` instead of `X Filename` can bypass some PHP Script Uploads rules. This occurs because PHP automatically transforms dots into underscores in certain contexts where dots are invalid. **Recommendations** For OWASP ModSecurity Core Rule Set (CRS) version 3.0.2, consider using `X Filename` instead of `X.Filename` to prevent bypassing of PHP Script Uploads rules. As a temporary workaround, review and update the existing rules to ensure they are not relying on the incorrect transformation of dots to underscores.