Description
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mass Delete Unused Tags Cross-Site Request Forgery (2.0.0)
WordPress Plugin Social Login WP Cross-Site Request Forgery (5.0.0.0)
Apache HTTP Server Missing Authorization Vulnerability (CVE-2020-13938)
WordPress Plugin Portfolio by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.27)