Description

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

Remediation

References

CVE-2019-3579

Related Vulnerabilities

WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0)

Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)

WordPress Plugin Cookiebot-GDPR/CCPA Compliant Cookie Consent and Control Cross-Site Scripting (3.6.0)

WordPress Plugin Clean Login Cross-Site Scripting (1.12.6.3)

Severity

Medium

Classification

CVE-2019-3579 CWE-200

Tags

Missing Update Known Vulnerabilities