Vulnerabilities (CVE)

Filtered by vendor Webpagetest Subscribe
Filtered by product Webpagetest
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17199 2 Microsoft, Webpagetest 2 Windows, Webpagetest 2024-11-21 5.0 MEDIUM 7.5 HIGH
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVE-2019-12161 1 Webpagetest 1 Webpagetest 2024-11-21 4.0 MEDIUM 8.8 HIGH
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).