EUVD-2014-3720

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Dotclear before 2.6.3 allows remote authentication bypass via empty password in XML-RPC request

Reporter	Title	Published	Views	Family All 10
0day.today	Dotclear 2.6.2 Multiple Vulnerability	25 May 201400:00	–	zdt
CVE	CVE-2014-3781	11 Jun 201414:00	–	cve
Cvelist	CVE-2014-3781	11 Jun 201414:00	–	cvelist
NVD	CVE-2014-3781	11 Jun 201414:55	–	nvd
OpenVAS	Dotclear Multiple Vulnerabilities	9 Jun 201400:00	–	openvas
Packet Storm	Dotclear 2.6.2 Authentication Bypass	22 May 201400:00	–	packetstorm
Prion	Authentication flaw	11 Jun 201414:55	–	prion
securityvulns	[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability	14 Jun 201400:00	–	securityvulns
securityvulns	Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	14 Jun 201400:00	–	securityvulns
UbuntuCve	CVE-2014-3781	11 Jun 201414:55	–	ubuntucve

[
  {
    "enisaIdVendor": [
      {
        "id": "f9d862b5-69a2-327d-b67a-be3d9cd0f1f0",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b38eeef9-82e3-391c-b98e-0fafe99ce5aa",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2014-3781
dotclear	www.dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
seclists	www.seclists.org/fulldisclosure/2014/May/107
secunia	www.secunia.com/advisories/58675
packetstormsecurity	www.packetstormsecurity.com/files/126766/Dotclear-2.6.2-Authentication-Bypass.html
karmainsecurity	www.karmainsecurity.com/KIS-2014-05
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25.8

EPSS0.00447