CVE-2014-3781
NONE EPSS 80.2%
Published Jun 11, 2014 12y ago
Last Modified Jun 17, 2026 2w ago
Description
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
Threat Intelligence
EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-287 Improper Authentication
Affected Products 4
References 5
- dotclear.org http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
- karmainsecurity.com http://karmainsecurity.com/KIS-2014-05
- packetstormsecurity.com http://packetstormsecurity.com/files/126766/Dotclear-2.6.2-Authentication-Bypass.html
- seclists.org http://seclists.org/fulldisclosure/2014/May/107
- secunia.com http://secunia.com/advisories/58675
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.