Description
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
Remediation
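An added example, not MyBB's code and not the vendor's patch: one way to issue and verify password-reset codes so that they come from the operating system's CSPRNG rather than `mt_rand`, and so that repeated guessing is bounded. The function names, the in-memory `$store` array, the 15-minute lifetime and the five-attempt limit are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names and limits; none of this is MyBB's API.
const RESET_TTL_SECONDS  = 900; // assumed 15-minute validity window
const RESET_MAX_ATTEMPTS = 5;   // assumed guess budget per issued token

/** Issue a reset token: 256 bits from the OS CSPRNG, never mt_rand()/rand(). */
function issue_reset_token(array &$store, int $uid, int $now): string
{
    $token = bin2hex(random_bytes(32));
    // Keep only a hash so a leaked table does not expose usable tokens.
    $store[$uid] = [
        'hash'     => hash('sha256', $token),
        'expires'  => $now + RESET_TTL_SECONDS,
        'attempts' => 0,
    ];
    return $token;
}

/** Verify a token: expiry, bounded guesses, constant-time compare, single use. */
function verify_reset_token(array &$store, int $uid, string $submitted, int $now): bool
{
    if (!isset($store[$uid])) {
        return false;
    }
    $rec = &$store[$uid];
    if ($now > $rec['expires'] || $rec['attempts'] >= RESET_MAX_ATTEMPTS) {
        unset($store[$uid]); // expired or budget spent: a new request is required
        return false;
    }
    $rec['attempts']++;
    if (!hash_equals($rec['hash'], hash('sha256', $submitted))) {
        return false;
    }
    unset($store[$uid]); // a token is valid exactly once
    return true;
}

// Constructed demo: an in-memory array stands in for the database table.
$store = [];
$token = issue_reset_token($store, 42, time());
var_dump(verify_reset_token($store, 42, 'wrong-guess', time()));
var_dump(verify_reset_token($store, 42, $token, time()));
var_dump(verify_reset_token($store, 42, $token, time()));
```

`random_bytes` requires PHP 7 or later; the attempt counter and expiry limit guessing independently of the token's length.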
References