Description

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

Remediation

References

CVE-2014-3781

Related Vulnerabilities

Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5148)

WordPress Plugin Limit Attempts by BestWebSoft SQL Injection (1.1.0)

WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0.11 - 2.3)

WordPress Plugin MM Duplicate 'index.php' SQL Injection (1.2)

WordPress Plugin YARPP-Yet Another Related Posts SQL Injection (5.30.2)

Severity

Medium

Classification

CVE-2014-3781 CWE-287

Tags

Missing Update Known Vulnerabilities