PT-2019-7049 · Vembu · Vembu Storegrid

Gionathan Reale +1 · Published 2019-02-23 · Updated 2019-03-18 · CVE-2014-10079

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Vembu StoreGrid version 4.4.x

Description

The issue concerns the server web interface of Vembu StoreGrid, where the front page leaks the private IP address. This leak occurs due to incorrect processing of an index.php trailing slash, which discloses the private IP address in the ipaddress hidden form value of the HTML source code.

Recommendations

For Vembu StoreGrid version 4.4.x, consider modifying the index.php page to correctly process trailing slashes and remove the disclosure of the private IP address in the ipaddress hidden form value. As a temporary workaround, restrict access to the server web interface to minimize the risk of exploitation.
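
To confirm the recommended fix on a server you administer, the check below scans a saved copy of the front page for hidden form fields whose value is an RFC 1918 address. It is an added example, not code from Vembu or from this advisory; it goes beyond the single ipaddress field by flagging any hidden input, and the sample markup is constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser

# RFC 1918 private IPv4 ranges
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(value):
    """Return True if value is an IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


class HiddenFieldScanner(HTMLParser):
    """Collects (name, value) for hidden inputs that hold a private address."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also invoked for self-closing <input ... /> tags.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "hidden" and is_rfc1918(a.get("value", "")):
            self.findings.append((a.get("name", ""), a["value"].strip()))


def find_private_ip_fields(html):
    """Return a list of (field name, address) pairs found in the markup."""
    scanner = HiddenFieldScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample markup: leaking page and the same page after the fix.
SAMPLE_VULNERABLE = ('<form><input type="hidden" name="ipaddress" value="192.168.1.20">'
                     '<input type="hidden" name="token" value="a1b2c3"></form>')
SAMPLE_FIXED = '<form><input type="hidden" name="token" value="a1b2c3"></form>'

if __name__ == "__main__":
    for label, page in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        print(label, find_private_ip_fields(page))
```
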

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2014-10079

Affected Products

Vembu Storegrid