WebPagetest Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

WebPagetest is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to delete, upload, and download arbitrary files within the context of the affected application, to obtain potentially sensitive information from local files, and to execute arbitrary local scripts in the context of the Web server process other attacks are also possible. WebPagetest 2.6 and prior versions are vulnerable.

References

http://www.securityfocus.com/bid/54442

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.7
AV:N/AC:L/Au:N/C:P/I:C/A:C

Related Vulnerabilities

Artifectx xClassified 'catid' SQL Injection Vulnerability
Apache Tomcat /servlet Cross Site Scripting
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
Assesi 'bg' Parameter SQL Injection vulnerability
AVTECH DVR Multiple Vulnerabilities

Take action and discover your vulnerabilities