Description

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

Remediation

References

CVE-2019-3579

Related Vulnerabilities

WordPress Plugin Mass Delete Unused Tags Cross-Site Request Forgery (2.0.0)

WordPress Plugin Social Login WP Cross-Site Request Forgery (5.0.0.0)

Apache HTTP Server Missing Authorization Vulnerability (CVE-2020-13938)

WordPress Plugin Portfolio by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.27)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035)

Severity

Medium

Classification

CVE-2019-3579 CWE-200

Tags

Missing Update Known Vulnerabilities