Description
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)
MySQL CVE-2024-21262 Vulnerability (CVE-2024-21262)
YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4117)
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827)
WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Multiple Cross-Site Scripting Vulnerabilities (0.4.3)