CVE-2007-4914
Invision Power Board < 2.3.1 - Authenticated Privilege Escalation via Payment Form Member ID Manipulation
Title source: llmDescription
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36590
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25656
Patch x_refsource_confirm
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41321
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41320
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26788
Patch x_refsource_confirm
http://forums.invisionpower.com/index.php?showtopic=237075
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41319
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41322
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41323
Scores
EPSS
0.0138
EPSS Percentile
68.9%
Details
CWE
CWE-20
Status
published
Products (7)
invision_power_services/invision_power_board
2.1.5_2006-03-08
invision_power_services/invision_power_board
2.1.5_2006-04-25
invision_power_services/invision_power_board
2.1.6
invision_power_services/invision_power_board
2.2
invision_power_services/invision_power_board
2.2.1
invision_power_services/invision_power_board
2.2.2
invision_power_services/invision_power_board
< 2.3.1
Published
Sep 17, 2007
Tracked Since
Feb 18, 2026