Filtered by vendor Webpagetest
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-10049 | 2 Webpagetest, Webpagetest Project | 2 Webpagetest, Webpagetest | 2026-03-05 | N/A |
| WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context. | ||||
| CVE-2019-17199 | 2 Microsoft, Webpagetest | 2 Windows, Webpagetest | 2024-11-21 | 7.5 High |
| www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. | ||||
| CVE-2019-12161 | 1 Webpagetest | 1 Webpagetest | 2024-11-21 | N/A |
| WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). | ||||
Page 1 of 1.