Description

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

Remediation

References

CVE-2007-1964

Related Vulnerabilities

WordPress Plugin zeList Directory Cross-Site Scripting (0.5.11.07)

WordPress Plugin MiwoFTP-File & Folder Manager Multiple Vulnerabilities (1.0.5)

WordPress Plugin WP REST API (WP API) Cross-Site Scripting (1.2.2)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking 'pretty-bar.php' Cross-Site Scripting (1.5.2)

WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)

Severity

Medium

Classification

CVE-2007-1964

Tags

Missing Update Known Vulnerabilities