member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mybb mybb 1.2.5 |
||
mybulletinboard mybulletinboard 1.2.5 |