CVE-2010-4626

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.

Published: Dec 30, 2010
Updated: Nov 9, 2025
CVE: CVE-2010-4626
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
mybb / mybb	1.2.10	1.2.10.x
mybb / mybb	1.2.8	1.2.8.x
mybb / mybb	1.4.3	1.4.3.x
mybb / mybb	1.04	1.04.x
mybb / mybb	1.1.1	1.1.1.x
mybb / mybb	1.1.3	1.1.3.x
mybb / mybb	1.2.2	1.2.2.x
mybb / mybb	1.2.9	1.2.9.x
mybb / mybb	1.4.8	1.4.8.x
mybb / mybb	1.2.1	1.2.1.x
mybb / mybb	1.01	1.01.x
mybb / mybb	1.1.6	1.1.6.x
mybb / mybb	1.2.6	1.2.6.x
mybb / mybb	1.4.0	1.4.0.x
mybb / mybb	1.2.0	1.2.0.x
mybb / mybb	1.4.9	1.4.9.x
mybb / mybb	1.02	1.02.x
mybb / mybb	1.2.5	1.2.5.x
mybb / mybb	1.4.2	1.4.2.x
mybb / mybb	1.1.8	1.1.8.x
mybb / mybb	1.2.11	1.2.11.x
mybb / mybb	1.1.5	1.1.5.x
mybb / mybb	1.2.13	1.2.13.x
mybb / mybb	1.4.6	1.4.6.x
mybb / mybb	1.1.0	1.1.0.x
mybb / mybb	1.2.3	1.2.3.x
mybb / mybb	1.4.10	1.4.10.x
mybb / mybb	1.2.7	1.2.7.x
mybb / mybb	1.1.7	1.1.7.x
mybb / mybb	1.1.4	1.1.4.x
mybb / mybb	1.03	1.03.x
mybb / mybb	-	1.4.11.x
mybb / mybb	1.00	1.00.x
mybb / mybb	1.2.4	1.2.4.x
mybb / mybb	1.2	1.2.x
mybb / mybb	1.2.12	1.2.12.x
mybb / mybb	1.1.2	1.1.2.x

Vulnerability Database

CVE-2010-4626

Deep Security Visibility Without the Complexity