3 matches found
CVE-2018-14865
Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files...
Odoo Access Control Error Vulnerability (CNVD-2019-30570)
Odoo is an open source commercial system from the Belgian company Odoo. An access control error vulnerability exists in the password encryption module in Odoo version 9.0 Community and Enterprise, which can be exploited by an attacker to modify another user's password...
CVE-2018-14868
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call...