Page 1 of 1

cxs exploit path wrong

Posted: 02 Sep 2019, 20:49
by UWH-David
I am seeing this on one of our installs:

Web upload script path : /home/csf/public_html/wp-content
Web upload script URL : ... rocess.php
Remote IP :
Deleted : No
Quarantined : Yes [/home/cxs/cxscgi/20190902-111450-XW1cGlR8iXLSCGA1s5JanQAAARM-file-DH3JX9.1567448091_1]

NOTE: [/home/csf/public_html/wp-content] does not exist on this server. However, ModSecurity is still triggering cxs to scan the attempted uploading of potentially malicious data

What is causing csf to populate instead of the username of the account?