Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4143


Vulnerability Score 4.0 4.0
CVE Id CVE-2007-4143
Last Modified 05 Sep 2008 05:27:31
Published 03 Aug 2007 04:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.

Vulnerable Systems


  • Phpcoupon


XF - phpcoupon-payment-security-bypass(35664)

BID - 25116

BUGTRAQ - 20070728 phpCoupon Vulnerabilities

SREASON - 2958

Last Updated: 27 May 2016 10:45:46