Description
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2007-1777)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4401)
Oracle Database Server CVE-2013-1534 Vulnerability (CVE-2013-1534)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5324)
WordPress Plugin Duplicate Page and Post SQL Injection (2.5.6)