Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 17/09/2007 Updated: 29/07/2017

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 prior to 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
invision power services invision power board 2.1.5_2006-03-08
invision power services invision power board 2.1.5_2006-04-25
invision power services invision power board 2.1.6
invision power services invision power board 2.2.2
invision power services invision power board
invision power services invision power board 2.2
invision power services invision power board 2.2.1

CWE-20 http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://www.securityfocus.com/bid/25656 http://secunia.com/advisories/26788 http://osvdb.org/41323 http://osvdb.org/41319 http://osvdb.org/41321 http://osvdb.org/41322 http://osvdb.org/41320 https://exchange.xforce.ibmcloud.com/vulnerabilities/36590 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4914

Vulnerability Summary

References

Vulmon Search

About

Products

Connect