Smart Filter triggers ModDSecurity's rule SQL Injection Attack Detected via libinjection

Open darcychristUWU opened this issue 3 months ago • 1 comments

I am aware this was reported here: https://github.com/codepress/admin-columns-issues/issues/1187

However it seems to me that one of the original discussions (https://www.admincolumns.com/forums/topic/getting-403-forbidden-when-searching-posts/) of this issue incorrectly identifies the issue as being caused by the json string in the url, when in fact it is being caused by the use of SQL terms in the query.

Seems to me there is room for Admin Columns Pro to not use SQL terms (AND or OR etc.) in the smart filter

Oct 20 '25 05:10 darcychristUWU

I withdraw this post and point others to look at their mod_security rulesets. Two possible approaches are to whitelist your ip address or create a more complex rule to bypass an SQL Injection rules based upon the url

Oct 21 '25 03:10 darcychristUWU