What is CVE-2012-10049?

CVE-2012-10049 is a vulnerability in Wpo Foundation Webpagetest, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.

Is CVE-2012-10049 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Wpo Foundation Webpagetest

CVE-2012-10049

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible dire…

Vulnerability class: Unrestricted File Upload

EPSS: 0.817 (99.2th percentile) — read the EPSS interpretation.

Affected products

Wpo Foundation Webpagetest — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.exploit-db.com/exploits/19790 (exploit)
www.exploit-db.com/exploits/20173 (exploit)
www.broadcom.com/support/security-center/attacksignatures/detail (third-party-advisory)
github.com/catchpoint/WebPageTest (product)
www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2012-10049?: CVE-2012-10049 is a vulnerability in Wpo Foundation Webpagetest, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.
Is CVE-2012-10049 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.