Directory Traversal Vulnerability in WPO WebPageTest 19.04 on Windows

CVE-2019-17199 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.

Learn more about our Web App Pen Testing.