Webpagetest · Wpo Webpagetest · CVE-2019-12161
**Name of the Vulnerable Software and Affected Versions**
WPO WebPageTest version 19.04
**Description**
The `ValidateURL` function in `www/runtest.php` does not properly handle octal encoding of IP addresses, which allows Server-Side Request Forgery (SSRF). For example, the address prefix `192.168` can be written in octal as `0300.0250`, a form the validation does not correctly take into account.
**Recommendations**
For WPO WebPageTest version 19.04, consider modifying the `ValidateURL` function to correctly handle octal encoding of IP addresses to prevent SSRF attacks. As a temporary workaround, restrict access to the `www/runtest.php` script until a proper fix is implemented.
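
One way to handle the octal form is to normalise the host to a 32-bit integer before any range check. The sketch below is an added example, not WebPageTest's `ValidateURL` or its actual fix; the function names, the blocked ranges and the sample hosts are assumptions, and it assumes 64-bit PHP 7.1 or later. It goes slightly beyond the octal case on this page by accepting every numeric base and short form that `inet_aton()` accepts.

```php
<?php
// Added example: hypothetical helpers, not WebPageTest code. Assumes 64-bit PHP 7.1+.

// Parse one component as inet_aton() would: hex (0x..), octal (leading 0) or decimal.
function parse_ipv4_part(string $part): ?int {
    if (preg_match('/^0[xX][0-9a-fA-F]{1,8}$/D', $part)) return hexdec(substr($part, 2));
    if (preg_match('/^0[0-7]{0,11}$/D', $part)) return octdec($part);
    if (preg_match('/^[1-9][0-9]{0,9}$/D', $part)) return (int)$part;
    return null; // not a number in any accepted base
}

// Return the host as a 32-bit integer, or null when it is not an IPv4 literal.
function normalize_ipv4_host(string $host): ?int {
    $parts = explode('.', $host);
    if (count($parts) > 4) return null;
    $nums = [];
    foreach ($parts as $p) {
        $n = parse_ipv4_part($p);
        if ($n === null) return null;
        $nums[] = $n;
    }
    $last = array_pop($nums);          // the last part fills all remaining bytes
    $addr = 0;
    foreach ($nums as $n) {            // each leading part is exactly one byte
        if ($n > 255) return null;
        $addr = ($addr << 8) | $n;
    }
    $bits = 8 * (4 - count($nums));
    if ($last >= (1 << $bits)) return null;
    return ($addr << $bits) | $last;
}

// True when the normalised address falls in a range the tester should not reach.
function is_internal_ipv4(int $addr): bool {
    $blocked = [['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
                ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16]];
    foreach ($blocked as [$net, $prefix]) {
        $mask = (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF;
        if (($addr & $mask) === (ip2long($net) & $mask)) return true;
    }
    return false;
}

// Constructed sample hosts: plain form, the octal form from the description, a public address, a name.
foreach (['192.168.1.10', '0300.0250.1.10', '203.0.113.7', 'example.test'] as $host) {
    $addr = normalize_ipv4_host($host);
    $verdict = $addr === null ? 'not an IPv4 literal'
        : long2ip($addr) . (is_internal_ipv4($addr) ? ' -> reject' : ' -> allow');
    printf("%-16s %s\n", $host, $verdict);
}
```

Both `192.168.1.10` and `0300.0250.1.10` normalise to the same integer and are rejected. Hosts that are not IPv4 literals return `null` and still need whatever hostname validation the application applies.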