Detail: Check rational chars like global.php file.
Find:
$action = (isset($HTTP_GET_VARS['action'])) ? stripslashes(trim($HTTP_GET_VARS['action'])) : stripslashes(trim($HTTP_POST_VARS['action']));
add after:
$action = preg_replace("/[^a-z0-9_-]+/i", "", $action);
(Do same for all update file from ZIP).