CVE-2007-4914
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
Vulnerabilidad no especificada en la gestión de suscripciones en Invision Power Board (IPB o IP.Board) 2.3.1 anterior a 20070912 permite a usuarios remotos validados cambiar el ID de miembro y reducir el nivel de privilegio de usuarios de su elección a través de un formulario de pago manipulado, relacionado con (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, y (5) class_gw_safshop.php en sources/classes/paymentgateways/.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-17 CVE Reserved
- 2007-09-17 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/41319 | Vdb Entry | |
| http://osvdb.org/41320 | Vdb Entry | |
| http://osvdb.org/41321 | Vdb Entry | |
| http://osvdb.org/41322 | Vdb Entry | |
| http://osvdb.org/41323 | Vdb Entry | |
| http://www.securityfocus.com/bid/25656 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36590 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 | 2017-07-29 | |
| http://forums.invisionpower.com/index.php?showtopic=237075 | 2017-07-29 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26788 | 2017-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | <= 2.3.1 Search vendor "Invision Power Services" for product "Invision Power Board" and version " <= 2.3.1" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.1.5_2006-03-08 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.1.5_2006-03-08" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.1.5_2006-04-25 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.1.5_2006-04-25" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.1.6 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.1.6" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.2 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.2" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.2.1 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.2.1" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.2.2 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.2.2" | - |
Affected
| ||||||