MyBulletinBoard CVE-2007-1964 Denial-Of-Service Vulnerability

MyBulletinBoard CVE-2007-1964 Denial-Of-Service Vulnerability

MyBulletinBoard is prone to a denial-of-service vulnerability. member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.