[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-4914

Date: (C)2007-09-17   (M)2017-08-01
 
CVSS Score: 6.0Access Vector: NETWORK
Exploitability Subscore: 6.8Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

Reference:
BID-25656
SECUNIA-26788
OSVDB-41319
OSVDB-41320
OSVDB-41321
OSVDB-41322
OSVDB-41323
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
http://forums.invisionpower.com/index.php?showtopic=237075
ipb-subscription-unauthorized-access(36590)

CWE    1
CWE-20

© 2013 SecPod Technologies