Webpagetest ≫ Webpagetest

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

7.5

CVE-2019-17199

Exploit

EPSS 57.65%
Published 05.10.2019 20:15:10
Last modified 21.11.2024 04:31:50

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.

8.8

CVE-2019-12161

EPSS 0.19%
Published 17.05.2019 19:29:00
Last modified 21.11.2024 04:22:20

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).