[email protected]CVE-2007-4914

HistorySep 17, 2007 - 5:17 p.m.

CVE-2007-4914

2007-09-1717:17:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-4914

invision power board

ip.board

vulnerability

authenticated users

privilege level

payment form

nvd

7.2 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.8%

JSON

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.2
invision_power_services:invision_power_boardinvision power services invision power boardeq2.2.2
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.6
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.5_2006-03-08
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.5_2006-04-25
invision_power_services:invision_power_boardinvision power services invision power boardeq2.2.1
invision_power_services:invision_power_boardinvision power services invision power boardle2.3.1

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	2.2
invision_power_services:invision_power_board	invision power services invision power board	eq	2.2.2
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.6
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.5_2006-03-08
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.5_2006-04-25
invision_power_services:invision_power_board	invision power services invision power board	eq	2.2.1
invision_power_services:invision_power_board	invision power services invision power board	le	2.3.1

References

forums.invisionpower.com/index.php?act=attach&type=post&id=11870

forums.invisionpower.com/index.php?showtopic=237075

osvdb.org/41319

osvdb.org/41320

osvdb.org/41321

osvdb.org/41322

osvdb.org/41323

secunia.com/advisories/26788

www.securityfocus.com/bid/25656

exchange.xforce.ibmcloud.com/vulnerabilities/36590

7.2 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2007-4914

cvelist1 prion1