Description

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.

Remediation

References

CVE-2010-4626

Related Vulnerabilities

WordPress Plugin Chained Quiz Multiple Cross-Site Scripting Vulnerabilities (0.9.8)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-16863)

Oracle HTTP Server Other Vulnerability (CVE-2012-2751)

Joomla CVE-2019-12764 Vulnerability (CVE-2019-12764)

WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)

Severity

Medium

Classification

CVE-2010-4626

Tags

Missing Update Known Vulnerabilities