2007-04-11 14:00:00
mitre
PUBLISHED
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the accounts registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.