diff --git a/administrator/components/com_jedchecker/libraries/rules/jamss.php b/administrator/components/com_jedchecker/libraries/rules/jamss.php index a1af3f74..bc9ebf33 100644 --- a/administrator/components/com_jedchecker/libraries/rules/jamss.php +++ b/administrator/components/com_jedchecker/libraries/rules/jamss.php @@ -222,7 +222,7 @@ private function init_jamss($deepscan = true) '22', 'Found the SourceCop encoded code. It is often used for malicious code ' . 'hiding, so go and check the code with some online SourceCop decoders'), - array('(?:exec|passthru|shell_exec|system|proc_|popen)[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)', + array('\b(?:exec|passthru|shell_exec|system|proc_\w+|popen)\b[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)', 'shell command execution from POST/GET variables', '23', 'Found direct shell command execution getting variables from POST/GET, ' .