PT-2010-5590 · Mybb · Mybb

Hanno Böck · Published 2010-12-30 · Updated 2017-08-17 · CVE-2010-4626

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MyBB versions prior to 1.4.12

Description

The issue arises from the improper use of the PHP mt_rand function by the my_rand function in functions.php, which makes it easier for remote attackers to gain access to an arbitrary account. This can be achieved by requesting a password reset for the account and then conducting a brute-force attack.

Recommendations

For versions prior to 1.4.12, update to version 1.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the password reset feature to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-4626

Affected Products

Mybb