CNNVD-202508-781 Information
CNNVD ID
CNNVD-202508-781
Related CVE
- CNNVD Published: 2025-08-08
Description (Chinese)
Catchpoint Systems WebPageTest是Catchpoint Systems开源的一个测试和分析网页性能的工具。 WebPageTest 2.6及之前版本存在安全漏洞,该漏洞源于resultimage.php脚本未验证上传文件,可能导致任意文件上传和远程代码执行。
Description (English)
Catchpoint Systems WebPageTest is a web-based testing and analysis tool for Catchpoint Systems open source performance. There is a security loophole in WebPageTest 2.6 and earlier versions, which stems from the fact that the upload file was not verified in the result of a multiplication.php script, which could lead to any upload and remote code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Catchpoint Systems
Published
2025-08-08
Last Modified
2026-02-24
References
https://github.com/catchpoint/WebPageTest https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26148 https://www.exploit-db.com/exploits/19790 https://www.exploit-db.com/exploits/20173 https://www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rce https://access.redhat.com/security/cve/cve-2012-10049
Patch
https://github.com/catchpoint/WebPageTest/releases
Share on: