Webpagetest · Wpo Webpagetest · CVE-2019-17199
**Name of the Vulnerable Software and Affected Versions**
WPO WebPageTest version 19.04
**Description**
The issue allows for Directory Traversal, enabling the reading of arbitrary files. This is due to an unanchored regular expression in the www/getfile.php file. An example of a malicious substring that can be used is 'a.jpg..'.
**Recommendations**
For WPO WebPageTest version 19.04, consider restricting access to the www/getfile.php file until a patch is available. As a temporary workaround, avoid using unanchored regular expressions in the file to minimize the risk of exploitation.