Vulnerability Description
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invision Power Services | Invision Power Board | <= 2.3.1 |
References
- http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 (Patch)
- http://forums.invisionpower.com/index.php?showtopic=237075 (Patch)
- http://osvdb.org/41319
- http://osvdb.org/41320
- http://osvdb.org/41321
- http://osvdb.org/41322
- http://osvdb.org/41323
- http://secunia.com/advisories/26788 (Vendor Advisory)
- http://www.securityfocus.com/bid/25656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36590
FAQ
What is CVE-2007-4914?
CVE-2007-4914 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privileg...
How severe is CVE-2007-4914?
CVE-2007-4914 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4914?
Check the references section above for vendor advisories and patch information. Affected products include: Invision Power Services Invision Power Board.