Vulnerability Description
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
CVSS Score
6.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MyBB | MyBB | 1.2.5 |
| MyBulletinBoard | MyBulletinBoard | 1.2.5 |
References
- http://securityreason.com/securityalert/2544
- http://www.securityfocus.com/archive/1/464267/100/100/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33345
FAQ
What is CVE-2007-1964?
CVE-2007-1964 is a vulnerability with a CVSS score of 6.0 (MEDIUM). member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in ...
How severe is CVE-2007-1964?
CVE-2007-1964 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1964?
Check the references section above for vendor advisories and patch information. Affected products include: MyBB MyBB, MyBulletinBoard MyBulletinBoard.