Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17199 | 2 Microsoft, Webpagetest | 2 Windows, Webpagetest | 2019-10-10 | 5.0 MEDIUM | 7.5 HIGH |
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. | |||||
CVE-2019-12161 | 1 Webpagetest | 1 Webpagetest | 2019-05-21 | 4.0 MEDIUM | 8.8 HIGH |
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). |