VYPR
Unrated severityNVD Advisory· Published Apr 11, 2007· Updated Jun 16, 2026

CVE-2007-1964

CVE-2007-1964

Description

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

Affected products

3
  • MyBB/Mybb2 versions
    cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.5:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.