Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.0
CVE Id CVE-2007-4914
Last Modified 15 Nov 2008 01:59:02
Published 17 Sep 2007 01:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-4914

Summary

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

Vulnerable Systems

Application

  • Invision Power Services Invision Power Board 2.1.5 2006-03-08

  • Invision Power Services Invision Power Board 2.1.5 2006-04-25

  • Invision Power Services Invision Power Board 2.1.6

  • Invision Power Services Invision Power Board 2.2

  • Invision Power Services Invision Power Board 2.2.1

  • Invision Power Services Invision Power Board 2.2.2

  • Invision Power Services Invision Power Board 2.3.1


References

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=237075

CONFIRM - http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870

XF - ipb-subscription-unauthorized-access(36590)

BID - 25656

SECUNIA - 26788

OSVDB - 41323

OSVDB - 41322

OSVDB - 41321

OSVDB - 41320

OSVDB - 41319


Last Updated: 27 May 2016 10:46:01