Description

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

Remediation

References

CVE-2007-1964

Related Vulnerabilities

MySQL Other Vulnerability (CVE-1999-1188)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)

OpenSSL Improper Input Validation Vulnerability (CVE-2014-3567)

WordPress Plugin Faster and Easier scroll to Top for WordPress-Smart Scroll to Top Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.3)

WordPress Plugin Car Rental by BestWebSoft Cross-Site Scripting (1.0.4)

Severity

Medium

Classification

CVE-2007-1964

Tags

Missing Update Known Vulnerabilities