CVE-2007-1964

Published: Apr 11, 2007Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

Affected (2)

Products: Mybb: Mybb · Mybulletinboard: Mybulletinboard

1 product

Mybulletinboard

1 product

Mybulletinboard

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mybb Mybb	Version 1.2.5
Mybulletinboard Mybulletinboard	Version 1.2.5

References (6)

http://securityreason.com/securityalert/2544

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/464267/100/100/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33345

Source: cve@mitre.org

http://securityreason.com/securityalert/2544

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464267/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/33345

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.