CVE-2007-4143 Information

Description

user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status and possibly acquire free coupons via a modified URL containing a certain billing parameter and REQ=auth status=success and custom=upgrade substrings possibly related to PayPal transactions.

Reference

http://securityreason.com/securityalert/2958 http://www.securityfocus.com/archive/1/474936/100/0/threaded http://www.securityfocus.com/bid/25116 https://exchange.xforce.ibmcloud.com/vulnerabilities/35664