From 45bfadf96ef97081c440a65ec2275c12125bed42 Mon Sep 17 00:00:00 2001 From: fb1337 Date: Fri, 19 Sep 2025 08:40:19 -0400 Subject: [PATCH 1/2] 2025-07-14 and 2025-07-28 fixed --- .../changelog/waf/2025-07-14-waf-release.mdx | 13 +------------ .../changelog/waf/2025-07-28-waf-release.mdx | 13 ------------- 2 files changed, 1 insertion(+), 25 deletions(-) diff --git a/src/content/changelog/waf/2025-07-14-waf-release.mdx b/src/content/changelog/waf/2025-07-14-waf-release.mdx index 2197fb5a4dd733a..27ee5690579c07e 100644 --- a/src/content/changelog/waf/2025-07-14-waf-release.mdx +++ b/src/content/changelog/waf/2025-07-14-waf-release.mdx @@ -12,7 +12,7 @@ This week’s vulnerability analysis highlights emerging web application threats - XSS – Attribute Overloading: A novel cross-site scripting technique where attackers abuse custom or non-standard HTML attributes to smuggle payloads into the DOM. These payloads evade traditional sanitization logic, especially in frameworks that loosely validate attributes or trust unknown tokens. - XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like `
`) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components. -- SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (for example, `/*!true*/`, `AND/**/1=1`) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts. + **Impact** @@ -53,16 +53,5 @@ These vulnerabilities target both user-facing components and back-end databases, Block This is a New Detection - - Cloudflare Managed Ruleset - - - - 100800 - SQLi - Obfuscated Boolean - Log - Block - This is a New Detection - diff --git a/src/content/changelog/waf/2025-07-28-waf-release.mdx b/src/content/changelog/waf/2025-07-28-waf-release.mdx index 6046cd432849a7c..921b6fc1550d0a6 100644 --- a/src/content/changelog/waf/2025-07-28-waf-release.mdx +++ b/src/content/changelog/waf/2025-07-28-waf-release.mdx @@ -8,7 +8,6 @@ import { RuleID } from "~/components"; This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data. - **Key Findings** - Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in a SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands. 
@@ -88,17 +87,5 @@ These vulnerabilities target user-facing components, web application servers, an Log Block This is a New Detection - - - Cloudflare Managed Ruleset - - - - 100822 - WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058 - Log - Block - This is a New Detection - \ No newline at end of file From c8bf96aef0f8dac51141e909e9b887ff7b4520ed Mon Sep 17 00:00:00 2001 From: fb1337 Date: Fri, 19 Sep 2025 08:50:08 -0400 Subject: [PATCH 2/2] syntax - build fix --- src/content/changelog/waf/2025-07-28-waf-release.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/changelog/waf/2025-07-28-waf-release.mdx b/src/content/changelog/waf/2025-07-28-waf-release.mdx index 921b6fc1550d0a6..3374f46caf0c044 100644 --- a/src/content/changelog/waf/2025-07-28-waf-release.mdx +++ b/src/content/changelog/waf/2025-07-28-waf-release.mdx @@ -8,6 +8,7 @@ import { RuleID } from "~/components"; This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data. + **Key Findings** - Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in a SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands. @@ -87,5 +88,6 @@ These vulnerabilities target user-facing components, web application servers, an Log Block This is a New Detection + \ No newline at end of file
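Review bot: In PATCH 1/2 the `2025-07-14-waf-release.mdx` hunks drop the `SQLi – Obfuscated Boolean Logic` bullet and the rule `100800` table row from an already published changelog entry, but the commit message ("2025-07-14 and 2025-07-28 fixed") does not say why; a reader of the 2025-07-14 release notes cannot tell whether that detection was withdrawn, renumbered or moved to a later release. State the reason in the commit message or in the changelog text itself. The bullet is also replaced by a `+ ` line that is blank apart from trailing whitespace; remove the line rather than leaving a stray blank with a trailing space at the end of the list.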
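Review bot: In PATCH 1/2 the `@@ -8,7 +8,6 @@` hunk on `2025-07-28-waf-release.mdx` removes the blank line between the intro paragraph and `**Key Findings**`, which is unrelated to the rule removal and is put straight back by PATCH 2/2 (`@@ -8,6 +8,7 @@`); drop that change from the first patch so the series does not churn the same line. The `@@ -88,17 +87,5 @@` hunk removes the `100822` `WordPress:Plugin:WPBookit - Remote Code Execution` row (`CVE:CVE-2025-6058`) together with the final line of the file, and the subject of PATCH 2/2 ("syntax - build fix") shows the build then failed until that trailing line was re-added. Squash the two patches so that the first commit builds on its own, and record in the message why the WPBookit entry is being removed from the 2025-07-28 notes.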
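Review bot: PATCH 2/2 only restores lines that PATCH 1/2 removed (the blank line before `**Key Findings**` and the trailing line after the last `This is a New Detection`), and the file still ends with `\ No newline at end of file`; fold this fix into the first patch and add the missing final newline while the end of the file is being touched.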