CVE-2007-4914 (GCVE-0-2007-4914)

Vulnerability from cvelistv5 – Published: 2007-09-17 17:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/25656 vdb-entryx_refsource_BID
http://forums.invisionpower.com/index.php?act=att… x_refsource_CONFIRM
http://osvdb.org/41322 vdb-entryx_refsource_OSVDB
http://osvdb.org/41321 vdb-entryx_refsource_OSVDB
http://osvdb.org/41323 vdb-entryx_refsource_OSVDB
http://osvdb.org/41320 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/26788 third-party-advisoryx_refsource_SECUNIA
http://forums.invisionpower.com/index.php?showtop… x_refsource_CONFIRM
http://osvdb.org/41319 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ipb-subscription-unauthorized-access(36590)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590"
          },
          {
            "name": "25656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25656"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
          },
          {
            "name": "41322",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41322"
          },
          {
            "name": "41321",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41321"
          },
          {
            "name": "41323",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41323"
          },
          {
            "name": "41320",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41320"
          },
          {
            "name": "26788",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26788"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.invisionpower.com/index.php?showtopic=237075"
          },
          {
            "name": "41319",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ipb-subscription-unauthorized-access(36590)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590"
        },
        {
          "name": "25656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25656"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
        },
        {
          "name": "41322",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41322"
        },
        {
          "name": "41321",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41321"
        },
        {
          "name": "41323",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41323"
        },
        {
          "name": "41320",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41320"
        },
        {
          "name": "26788",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26788"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.invisionpower.com/index.php?showtopic=237075"
        },
        {
          "name": "41319",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ipb-subscription-unauthorized-access(36590)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590"
            },
            {
              "name": "25656",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25656"
            },
            {
              "name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870",
              "refsource": "CONFIRM",
              "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
            },
            {
              "name": "41322",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41322"
            },
            {
              "name": "41321",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41321"
            },
            {
              "name": "41323",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41323"
            },
            {
              "name": "41320",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41320"
            },
            {
              "name": "26788",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26788"
            },
            {
              "name": "http://forums.invisionpower.com/index.php?showtopic=237075",
              "refsource": "CONFIRM",
              "url": "http://forums.invisionpower.com/index.php?showtopic=237075"
            },
            {
              "name": "41319",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4914",
    "datePublished": "2007-09-17T17:00:00",
    "dateReserved": "2007-09-17T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4914\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-17T17:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en la gesti\u00f3n de  suscripciones en Invision Power Board (IPB o IP.Board) 2.3.1 anterior a 20070912 permite a usuarios remotos validados cambiar el ID de miembro y reducir el nivel de privilegio de usuarios de su elecci\u00f3n a trav\u00e9s de un formulario de pago manipulado, relacionado con (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, y (5) class_gw_safshop.php en sources/classes/paymentgateways/.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.1\",\"matchCriteriaId\":\"80F198C2-6AAD-482F-A95E-10505A69993C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5116FA-C532-42DF-ABBD-193AD7B799A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A90F21A-0FE7-456C-86FA-2F60542A7EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8BC2011-5D19-4AF2-BCCD-38A03D0175FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05AF1F12-0E9C-478C-9DDA-356E5231A073\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9826649-436F-4C05-A0DB-0C5D5CC42B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D2431F4-91A3-42C0-985C-1A5DBE305E95\"}]}]}],\"references\":[{\"url\":\"http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://forums.invisionpower.com/index.php?showtopic=237075\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/41319\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/41320\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/41321\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/41322\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/41323\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26788\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/25656\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36590\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://forums.invisionpower.com/index.php?showtopic=237075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/41319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/41320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/41321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/41322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/41323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/25656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.