[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-4914

Date: (C)2007-09-17   (M)2017-08-01 


Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

CVSS Score: 6.0Access Vector: NETWORK
Exploit Score: 6.8Access Complexity: MEDIUM
Impact Score: 6.4Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-25656
SECUNIA-26788
OSVDB-41319
OSVDB-41320
OSVDB-41321
OSVDB-41322
OSVDB-41323
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
http://forums.invisionpower.com/index.php?showtopic=237075
ipb-subscription-unauthorized-access(36590)

CWE    1
CWE-20

© 2013 SecPod Technologies