The remote web server is running a PHP application that is vulnerable to multiple attack vectors.
The remote web server is running a version of MyBB earlier than 1.4.12. Such versions are potentially affected by multiple issues : - There is a weakness in the mechanism for generating random passwords. (Bug 843) - It is possible to inject arbitrary headers into email sent to MyBB users. - An unspecified XSRF issue exists in the usercp2.php script. (Bug 852)