MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 72.3%