CVE-2007-4914

Sažetak

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

Reference

http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
http://forums.invisionpower.com/index.php?showtopic=237075
http://osvdb.org/41319
http://osvdb.org/41320
http://osvdb.org/41321
http://osvdb.org/41322
http://osvdb.org/41323
http://secunia.com/advisories/26788
http://www.securityfocus.com/bid/25656
https://exchange.xforce.ibmcloud.com/vulnerabilities/36590

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

17-09-2007 - 17:17