Description
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
Remediation
References
Related Vulnerabilities
OpenSSL Other Vulnerability (CVE-2014-0198)
Apache HTTP Server Other Vulnerability (CVE-2000-1204)
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)
Perl Out-of-bounds Write Vulnerability (CVE-2023-47039)
WordPress Plugin Images Slideshow by 2J-Image Slider Unspecified Vulnerability (1.2.15)