SSRF Vulnerability in WPO WebPageTest 19.04 due to Inadequate Validation of Octal Encoded IP Addresses
CVE-2019-12161 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
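The failure mode described above and one way to close it, as an added Python example that is not WebPageTest's code (the project itself is PHP). `naive_is_blocked` is a constructed stand-in for a string-based filter and all function names are hypothetical; the decoder generalizes beyond the octal case on this page to the hex and short numeric forms that inet_aton() also accepts.

```python
import ipaddress
from urllib.parse import urlsplit

def naive_is_blocked(url):
    # Constructed stand-in for a string-based filter (NOT WebPageTest's code):
    # it only recognises private ranges written in dotted decimal.
    host = urlsplit(url).hostname or ""
    return host.startswith(("10.", "127.", "192.168.", "169.254."))

def _part(text):
    # One inet_aton() component: 0x.. is hex, a leading 0 is octal, else decimal.
    text = text.lower()
    if text.startswith("0x"):
        digits, base = text[2:], 16
    elif text.startswith("0") and len(text) > 1:
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        return None
    return int(digits, base)

def parse_inet_aton(host):
    # Decode 1-4 dot-separated numeric parts the way BSD inet_aton() does;
    # the last part fills all remaining low-order bytes. None if not numeric.
    values = [_part(p) for p in host.split(".")]
    if len(values) > 4 or None in values:
        return None
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(addr)

def is_blocked(url):
    # Normalise the host to a real address first, then apply the range check.
    host = urlsplit(url).hostname
    if not host:
        return True
    ip = parse_inet_aton(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host)  # IPv6 literal
        except ValueError:
            return False  # DNS name: the caller must check the resolved address
    return not ip.is_global
```

DNS names pass through `is_blocked` unchanged, so a fetcher still has to apply the same range check to the address it actually connects to.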