exploitDog

CVE-2007-4914

Published: 17 Sep 2007
Source: nvd
CVSS2: 6
EPSS: Low

Description

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*
Versions up to and including 2.3.1
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*

EPSS

Percentile: 78%
0.01184
Low

6 Medium

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

github
almost 4 years ago

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

EPSS

Percentile: 78%
0.01184
Low

6 Medium

CVSS2

Weaknesses

CWE-20