Summary
WebPagetest is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to delete, upload, and download arbitrary files within the context of the affected application, to obtain potentially sensitive information from local files, and to execute arbitrary local scripts in the context of the Web server process
other attacks are also possible.
WebPagetest 2.6 and prior versions are vulnerable.
References
Updated on 2015-03-25