CVE-2014-3781

NONE EPSS 80.2%
Published Jun 11, 2014 (12y ago) · Modified Jun 17, 2026 (2w ago)

Description

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

Threat Intelligence

EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-287 · Improper Authentication · Authentication

Affected Products 4

Vendor    Product   Version  Range
dotclear  dotclear  *        ≤2.6.2
dotclear  dotclear  2.6      any
dotclear  dotclear  2.6      any
dotclear  dotclear  2.6.1    any

References 5

  • dotclear.org http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
    Vendor Advisory
  • karmainsecurity.com http://karmainsecurity.com/KIS-2014-05
    Exploit
  • packetstormsecurity.com http://packetstormsecurity.com/files/126766/Dotclear-2.6.2-Authentication-Bypass.html
    Exploit
  • seclists.org http://seclists.org/fulldisclosure/2014/May/107
    Exploit
  • secunia.com http://secunia.com/advisories/58675

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.