Wooeong2

**Name of the Vulnerable Software and Affected Versions** WPO WebPageTest version 19.04 **Description** The issue allows for Directory Traversal, enabling the reading of arbitrary files. This is due to an unanchored regular expression in the www/getfile.php file. An example of a malicious substring that can be used is 'a.jpg..'. **Recommendations** For WPO WebPageTest version 19.04, consider restricting access to the www/getfile.php file until a patch is available. As a temporary workaround, avoid using unanchored regular expressions in the file to minimize the risk of exploitation.