ID CVE-2007-3219
Summary Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
References
Vulnerable Configurations
  • cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:C/A:N
refmap via4
bid 24442
confirm http://forums.invisionpower.com/index.php?showtopic=235316
osvdb 35436
secunia 25637
vupen ADV-2007-2160
xf ipb-xmlout-data-manipulation(34841)
Last major update 29-07-2017 - 01:32
Published 14-06-2007 - 22:30
Last modified 29-07-2017 - 01:32
Back to Top