CVE-2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6:-:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6:rc:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-06-11 14:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-3781

Mitre link : CVE-2014-3781

CVE.ORG link : CVE-2014-3781


JSON object : View

Products Affected

dotclear

  • dotclear
CWE
CWE-287

Improper Authentication