Back to search
CVE-2007-4914
Published: Sep 17, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ipb-subscription-unauthorized-access(36590)
vdb-entry
x_refsource_XF
25656
vdb-entry
x_refsource_BID
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
x_refsource_CONFIRM
41322
vdb-entry
x_refsource_OSVDB
41321
vdb-entry
x_refsource_OSVDB
41323
vdb-entry
x_refsource_OSVDB
41320
vdb-entry
x_refsource_OSVDB
26788
third-party-advisory
x_refsource_SECUNIA
http://forums.invisionpower.com/index.php?showtopic=237075
x_refsource_CONFIRM
41319
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now