CVE-2019-3579
MEDIUMMyBB 1.8.19 - Exposure of Sensitive Information via Password Reset Request
Title source: llmDescription
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/
Release Notes, Vendor Advisory x_refsource_misc
https://blog.mybb.com/
Scores
CVSS v3
5.3
EPSS
0.0153
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
mybb/mybb
1.8.19
Published
Jun 06, 2019
Tracked Since
Feb 18, 2026