Description

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

Remediation

References

CVE-2019-3579

Related Vulnerabilities

WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk Cross-Site Scripting (4.2)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5834)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3365)

WordPress Plugin WebLibrarian Cross-Site Scripting (3.4.8.6)

WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)

Severity

Medium

Classification

CVE-2019-3579 CWE-200

Tags

Missing Update Known Vulnerabilities