This page aggregates publicly disclosed CVE and security risk information related to webpagetest, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-17199 | www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. | [email protected] | 7.5 | 63.05% | 2019-10-05 | 2024-11-21 |
| CVE-2019-12161 | WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). | [email protected] | 8.8 | 0.20% | 2019-05-17 | 2024-11-21 |