5.1

CVE-2010-4626

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.

Data is provided by the National Vulnerability Database (NVD)
MybbMybb Version <= 1.4.11
MybbMybb Version1.00
MybbMybb Version1.01
MybbMybb Version1.1.0
MybbMybb Version1.1.1
MybbMybb Version1.1.2
MybbMybb Version1.1.3
MybbMybb Version1.1.4
MybbMybb Version1.1.5
MybbMybb Version1.1.6
MybbMybb Version1.1.7
MybbMybb Version1.1.8
MybbMybb Version1.02
MybbMybb Version1.2
MybbMybb Version1.2.0
MybbMybb Version1.2.1
MybbMybb Version1.2.2
MybbMybb Version1.2.3
MybbMybb Version1.2.4
MybbMybb Version1.2.5
MybbMybb Version1.2.6
MybbMybb Version1.2.7
MybbMybb Version1.2.8
MybbMybb Version1.2.9
MybbMybb Version1.2.10
MybbMybb Version1.2.11
MybbMybb Version1.2.12
MybbMybb Version1.2.13
MybbMybb Version1.03
MybbMybb Version1.04
MybbMybb Version1.4.0
MybbMybb Version1.4.2
MybbMybb Version1.4.3
MybbMybb Version1.4.6
MybbMybb Version1.4.8
MybbMybb Version1.4.9
MybbMybb Version1.4.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.33% 0.781
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P