
Add vpatch-CVE-2024-8529 rule and test #47

Open: crowdsec-automation wants to merge 4 commits into master from 1781692389-vpatch-CVE-2024-8529


Conversation

@crowdsec-automation


This rule targets the LearnPress SQL injection vulnerability (CVE-2024-8529) by focusing on the unauthenticated REST API endpoint /wp-json/learnpress/v1/courses and the c_fields parameter. The rule:

  • Matches requests to the vulnerable endpoint by checking if the URI contains /wp-json/learnpress/v1/courses (case-insensitive).
  • Inspects the c_fields argument for the presence of the ( character, which is a strong indicator of SQL injection attempts, especially as shown in the nuclei template payload (e.g., c_fields=(SELECT(0)FROM(SELECT(SLEEP(8)))a)).
  • Applies both lowercase and urldecode transforms to normalize the input and ensure case-insensitive matching.
  • Uses contains for the match type to minimize false positives while still catching typical SQLi payloads.
  • The labels section includes the correct CVE, ATT&CK, and CWE references.

Validation checklist:

  • All value: fields are lowercase.
  • transform includes lowercase and urldecode where applicable.
  • No match.value contains capital letters.
  • Rule uses contains instead of regex for the argument match.
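The matching logic the description above lays out, as an added Python example (not the rule file or the repository's own code): it assumes the input is the raw request target (path plus query string) as it appears in an access log, and applies the two listed transforms in the stated order before the `contains` check.

```python
"""Constructed example: mirror the vpatch-CVE-2024-8529 matching logic on raw request targets."""
from urllib.parse import unquote, urlsplit

VULN_PATH = "/wp-json/learnpress/v1/courses"   # endpoint check is case-insensitive
SUSPECT_ARG = "c_fields"                        # argument inspected by the rule
INDICATOR = "("                                 # substring the rule looks for


def apply_transforms(value: str) -> str:
    """Transforms in the order the rule lists them: lowercase, then urldecode."""
    return unquote(value.lower())


def raw_query_args(query: str) -> dict:
    """Split a raw query string into {name: [raw values]} without decoding the values,
    so the rule's own urldecode transform is what normalizes them."""
    args: dict = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        args.setdefault(unquote(name).lower(), []).append(value)
    return args


def matches_rule(request_target: str) -> bool:
    """True when both conditions of the rule hold for one request target."""
    parts = urlsplit(request_target)
    # Condition 1: URI contains the vulnerable endpoint (case-insensitive).
    if VULN_PATH not in parts.path.lower():
        return False
    # Condition 2: the c_fields argument, after transforms, contains "(".
    for value in raw_query_args(parts.query).get(SUSPECT_ARG, []):
        if INDICATOR in apply_transforms(value):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample request targets: two that should alert, two that should not.
    samples = [
        "/wp-json/learnpress/v1/courses?c_fields=(SELECT(0)FROM(SELECT(SLEEP(8)))a)",
        "/WP-JSON/LearnPress/V1/Courses?C_FIELDS=%28select%281%29%29",
        "/wp-json/learnpress/v1/courses?c_fields=ID,post_title&per_page=10",
        "/wp-json/wp/v2/posts?c_fields=(1)",
    ]
    for target in samples:
        print("ALERT " if matches_rule(target) else "ok    ", target)
```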

@github-actions


Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2024-8529 🔴

@github-actions


Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!
