CVE-2007-3219

Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
http://forums.invisionpower.com/index.php?showtopic=235316
http://www.securityfocus.com/bid/24442
http://secunia.com/advisories/25637	Patch Vendor Advisory
http://www.osvdb.org/35436
http://www.vupen.com/english/advisories/2007/2160
https://exchange.xforce.ibmcloud.com/vulnerabilities/34841

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:invision_power_services:invision_power_board:2.2:::::::*
	cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:::::::*
	cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:::::::*

Information

Published : 2007-06-14 15:30

Updated : 2017-07-28 18:32

NVD link : CVE-2007-3219

Mitre link : CVE-2007-3219

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

invision_power_services

invision_power_board

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://forums.invisionpower.com/index.php?showtopic=235316", "name": "http://forums.invisionpower.com/index.php?showtopic=235316", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24442", "name": "24442", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25637", "name": "25637", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/35436", "name": "35436", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2160", "name": "ADV-2007-2160", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841", "name": "ipb-xmlout-data-manipulation(34841)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3219", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-14T22:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}