Vulnerability Details CVE-2014-10079
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.138
EPSS Ranking 94.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://cxsecurity.com/issue/WLB-2018120091
- https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html
- https://seclists.org/fulldisclosure/2014/Aug/8
- https://www.exploit-db.com/exploits/46549/
- https://cxsecurity.com/issue/WLB-2018120091
- https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html
- https://seclists.org/fulldisclosure/2014/Aug/8
- https://www.exploit-db.com/exploits/46549/