CVE-2007-4914

Invision Power Board < 2.3.1 - Authenticated Privilege Escalation via Payment Form Member ID Manipulation

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36590
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25656
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41321
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41320
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26788
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41319
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41322
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41323

Scores

EPSS 0.0138
EPSS Percentile 68.9%

Details

CWE
CWE-20
Status published
Products (7)
invision_power_services/invision_power_board 2.1.5_2006-03-08
invision_power_services/invision_power_board 2.1.5_2006-04-25
invision_power_services/invision_power_board 2.1.6
invision_power_services/invision_power_board 2.2
invision_power_services/invision_power_board 2.2.1
invision_power_services/invision_power_board 2.2.2
invision_power_services/invision_power_board < 2.3.1
Published Sep 17, 2007
Tracked Since Feb 18, 2026