Vulnerabilities > CVE-2007-4143 - Remote Payment Bypass vulnerability in phpCoupon

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

phpcoupon

exploit available

NVD

Published: 2007-08-03

Updated: 2018-10-15

Summary

user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.

Vulnerable Configurations

Part	Description	Count
Application	Phpcoupon Phpcoupon Phpcoupon *	1

Exploit-Db

description	phpCoupon Remote Payment Bypass Vulnerability. CVE-2007-4143. Webapps exploit for php platform
id	EDB-ID:30429
last seen	2016-02-03
modified	2007-07-28
published	2007-07-28
reporter	freeprotect.net
source	https://www.exploit-db.com/download/30429/
title	phpCoupon Remote Payment Bypass Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References