Produkt Webpagetest (...) - CVEMAP.ORG

Podatności dla 'Webpagetest'

2019-10-05

CVE-2019-17199

CWE-22

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.

2019-05-17

CVE-2019-12161

CWE-918

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).

Copyright 2024, cxsecurity.com