[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2007-4914Date: (C)2007-09-17   (M)2018-02-19


Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-25656
SECUNIA-26788
OSVDB-41319
OSVDB-41320
OSVDB-41321
OSVDB-41322
OSVDB-41323
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
http://forums.invisionpower.com/index.php?showtopic=237075
ipb-subscription-unauthorized-access(36590)

CWE    1
CWE-20

© SecPod Technologies