CVE-2007-4914 Information
Description
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
Reference
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
http://forums.invisionpower.com/index.php?showtopic=237075
http://osvdb.org/41319
http://osvdb.org/41320
http://osvdb.org/41321
http://osvdb.org/41322
http://osvdb.org/41323
http://secunia.com/advisories/26788
http://www.securityfocus.com/bid/25656
https://exchange.xforce.ibmcloud.com/vulnerabilities/36590