Description

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

Remediation

References

CVE-2019-3579

Related Vulnerabilities

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Cross-Site Scripting Vulnerabilities (3.2.2)

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7130)

WordPress Plugin Email Users Cross-Site Scripting (4.7.5)

Oracle Database Server CVE-2018-3110 Vulnerability (CVE-2018-3110)

WordPress Plugin BuddyPress Cross-Site Request Forgery (2.9.0)

Severity

Medium

Classification

CVE-2019-3579 CWE-200

Tags

Missing Update Known Vulnerabilities