Description

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

Remediation

References

CVE-2019-3579

Related Vulnerabilities

XWiki CVE-2007-4898 Vulnerability (CVE-2007-4898)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1617)

silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5197)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7740)

Apache HTTP Server Other Vulnerability (CVE-2002-2103)

Severity

Medium

Classification

CVE-2019-3579 CWE-200

Tags

Missing Update Known Vulnerabilities