Unrated severityNVD Advisory· Published Sep 17, 2007· Updated Apr 23, 2026

CVE-2007-4914

Description

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

Affected products

Invision Power Services/Invision Power Board7 versions
cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*range: <=2.3.1
- cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forums.invisionpower.com/index.phpnvdPatch
forums.invisionpower.com/index.phpnvdPatch
secunia.com/advisories/26788nvdVendor Advisory
osvdb.org/41319nvd
osvdb.org/41320nvd
osvdb.org/41321nvd
osvdb.org/41322nvd
osvdb.org/41323nvd
www.securityfocus.com/bid/25656nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36590nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000