Vulnerabilities > CVE-2007-4143 - Unspecified vulnerability in PHPcoupon
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpcoupon
exploit available
Summary
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpCoupon Remote Payment Bypass Vulnerability. CVE-2007-4143. Webapps exploit for php platform |
| id | EDB-ID:30429 |
| last seen | 2016-02-03 |
| modified | 2007-07-28 |
| published | 2007-07-28 |
| reporter | freeprotect.net |
| source | https://www.exploit-db.com/download/30429/ |
| title | phpCoupon Remote Payment Bypass Vulnerability |
References
- http://securityreason.com/securityalert/2958
- http://securityreason.com/securityalert/2958
- http://www.securityfocus.com/archive/1/474936/100/0/threaded
- http://www.securityfocus.com/archive/1/474936/100/0/threaded
- http://www.securityfocus.com/bid/25116
- http://www.securityfocus.com/bid/25116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35664