Unrated severityNVD Advisory· Published Sep 17, 2007· Updated Jun 16, 2026
CVE-2007-4914
CVE-2007-4914
Description
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
Affected products
10cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*range: <=2.3.1
- cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*
- Range: <20070912
- Range: <20070912
- Range: <20070912
Patches
Vulnerability mechanics
References
10- forums.invisionpower.com/index.phpnvdPatch
- forums.invisionpower.com/index.phpnvdPatch
- secunia.com/advisories/26788nvdVendor Advisory
- osvdb.org/41319nvd
- osvdb.org/41320nvd
- osvdb.org/41321nvd
- osvdb.org/41322nvd
- osvdb.org/41323nvd
- www.securityfocus.com/bid/25656nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36590nvd
News mentions
0No linked articles in our index yet.