CVE-2007-4143

phpcoupon - Authenticated Privilege Escalation via Billing Parameter Manipulation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4143. PoCs published by freeprotect.net.

AI-analyzed exploit summary: This exploit describes a payment bypass vulnerability in phpCoupon by manipulating URI parameters to simulate successful PayPal transactions without actual payment. The attack involves crafting a specific URL with parameters like 'billing' and 'status' to exploit improper transaction validation.

Description

user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.
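
A defender-side check for the request pattern in the description, as an added example that is not part of the original record or of phpCoupon: it scans web access logs for requests to user.php whose decoded query string contains a billing parameter together with the REQ=auth, status=success and custom=upgrade substrings. The combined log format, the constructed sample lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Substrings named in the CVE description, compared case-insensitively.
MARKERS = ("req=auth", "status=success", "custom=upgrade")
# Assumed layout: Apache/nginx "combined" access log format.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})')

def decode(s):
    """Undo up to three layers of percent-encoding, then lowercase."""
    for _ in range(3):
        nxt = unquote_plus(s)
        if nxt == s:
            break
        s = nxt
    return s.lower()

def suspicious(uri):
    """True when a user.php request carries billing plus all three markers."""
    path, _, query = uri.partition("?")
    if not decode(path).endswith("/user.php"):
        return False
    q = decode(query)
    return "billing" in q and all(m in q for m in MARKERS)

def scan(lines):
    """Return (client IP, timestamp, HTTP status) for each matching log line."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and suspicious(m["uri"]):
            hits.append((m["ip"], m["ts"], m["status"]))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '203.0.113.7 - alice [03/Aug/2007:10:15:02 +0000] "GET /user.php?billing=PLACEHOLDER&REQ=auth&status=success&custom=upgrade HTTP/1.1" 200 5120',
    '203.0.113.7 - alice [03/Aug/2007:10:16:40 +0000] "GET /user.php?REQ=profile HTTP/1.1" 200 2048',
    '198.51.100.9 - - [03/Aug/2007:11:02:11 +0000] "GET /shop/user.php?billing=PLACEHOLDER&REQ=%61uth&status=success&custom=upgrade HTTP/1.1" 200 5120',
    '198.51.100.9 - - [03/Aug/2007:11:03:00 +0000] "GET /index.php?status=success HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, ts, status in scan(SAMPLE):
        print(f"review: {ip} at {ts} (HTTP {status})")
```

A hit is a lead, not a verdict: a genuine payment return may carry the same parameters, so each match should be reconciled against the payment processor's own transaction records for that account.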

Exploits (1)

exploitdb WRITEUP VERIFIED
by freeprotect.net · text · webapps · php
https://www.exploit-db.com/exploits/30429

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: phpCoupon (version not specified)
No auth needed
Prerequisites: Access to the target application's user.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References

Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/2958
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/35664
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/474936/100/0/threaded
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/25116

Scores

EPSS 0.0336
EPSS Percentile 87.5%

Details

Status published
Products (1)
phpcoupon/phpcoupon
Published Aug 03, 2007
Tracked Since Feb 18, 2026