|
|
CVE Reference: CVE-2007-4914 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4914 |
|
|
Description: Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/36590 SAID Secunia Advisory: SA26788 OSVDB 41319 41320 41321 41322 41323 CONFIRM http://forums.invisionpower.com/index.php?showtopic=237075 http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 BID 25656 |
|
| Return to the previous page. |
