CVE-2012-10049

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

Catchpoint Systems WebPageTest 安全漏洞

Catchpoint Systems WebPageTest is an open source tool from Catchpoint Systems to test and analyze the performance of web pages. A security vulnerability exists in WebPageTest 2.6 and earlier versions, which stems from the resultimage.php script that does not validate uploaded files, which could...

WebPageTest Arbitrary PHP File Upload

This module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessible by remote users. This flaw can be abused to gain remote code...