← Back

Webpagetest

webpagetest

Vendor: Webpagetest • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-17199
1Webpagetest
1Webpagetest
Nov 21, 2024
Oct 5, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVE-2019-12161
1Webpagetest
1Webpagetest
Nov 21, 2024
May 17, 2019
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).