SSRF Vulnerability in WPO WebPageTest 19.04 due to Inadequate Validation of Octal Encoded IP Addresses

CVE-2019-12161 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
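
The check the description implies, as an added example (not WebPageTest's code and not part of the advisory): canonicalize a numeric host with classic inet_aton() rules before deciding whether it names an internal address. It generalizes from the octal case above to the hex and short forms the same parser accepts; all function names and sample hosts are assumptions constructed for illustration.

```python
import ipaddress

def _component(part):
    """One inet_aton() component: decimal, octal (leading 0) or hex (0x)."""
    digits, base = part, 10
    if part[:2].lower() == "0x":
        digits, base = part[2:], 16
    elif len(part) > 1 and part[0] == "0":
        digits, base = part[1:], 8
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits.lower()):
        return None
    return int(digits, base)

def parse_inet_aton(host):
    """Return the IPv4Address a numeric host denotes, or None if not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_component(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, last = values
    # Leading components are one byte each; the last fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(addr)

def naive_is_internal(host):
    # Hypothetical textual blocklist for contrast; not WebPageTest's ValidateURL.
    return host.startswith(("10.", "127.", "192.168."))

def is_internal_target(host):
    """True if host is a numeric IPv4 form naming a non-public address."""
    addr = parse_inet_aton(host)
    return addr is not None and not addr.is_global

# Constructed sample hosts; 0300.0250 is the octal form cited in the advisory.
SAMPLES = ["192.168.0.1", "0300.0250.0.1", "0300.0250.1", "8.8.8.8", "example.com"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, parse_inet_aton(h), naive_is_internal(h), is_internal_target(h))
```

A non-numeric hostname returns `None` here, so it still has to be resolved and the resolved address checked the same way.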
