CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
Date published : 2019-07-09
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1391