Vulnerabilities > CVE-2007-1964
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
References
- http://securityreason.com/securityalert/2544
- http://securityreason.com/securityalert/2544
- http://www.securityfocus.com/archive/1/464267/100/100/threaded
- http://www.securityfocus.com/archive/1/464267/100/100/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33345
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33345