Webpagetest: Security Vulnerabilities
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-10-05
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-17