CVE-2014-10079

MEDIUM

Vembu StoreGrid 4.4.x - Exposure of Sensitive Information via Index Page Hidden Form Value

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10079. PoCs published by Gionathan Reale.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Vembu Storegrid Web Interface 4.4.0, including information disclosure and reflected XSS. It does not contain executable exploit code but outlines attack vectors.

Description

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

Exploits (1)

exploitdb WRITEUP
by Gionathan Reale · textwebappsphp
https://www.exploit-db.com/exploits/46549

The provided text describes multiple vulnerabilities in Vembu Storegrid Web Interface 4.4.0, including information disclosure and reflected XSS. It does not contain executable exploit code but outlines attack vectors.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Vembu Storegrid Web Interface 4.4.0
No auth needed
Prerequisites: Network access to the target web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2018120091
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2014/Aug/8
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46549/

Scores

CVSS v3 5.3
EPSS 0.0875
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
vembu/storegrid 4.4
Published Feb 23, 2019
Tracked Since Feb 18, 2026