RSS   Vulnerabilities for 'Webpagetest'   RSS

2019-10-05
 
CVE-2019-17199

CWE-22
 
 
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.

 
2019-05-17
 
CVE-2019-12161

CWE-918
 
 
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).

 

Copyright 2024, cxsecurity.com

 

Back to Top