Vulmon
odoo odoo vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 up to and including 16.0.1 allows a remote malicious user to execute arbitrary code and to gain privileges via the db paramet...
Camsbiometrics Zkteco, Essl, Cams Biometrics Integration Module
Odoo Biometric Attendance
9.8
CVSSv3
CVE-2019-15564
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.
Compassionuk Compassion Switzerland 10.01.4
9.8
CVSSv3
CVE-2018-14885
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote malicious user to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.
Odoo Odoo 10.0
Odoo Odoo 11.0
9.8
CVSSv3
CVE-2017-10804
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because P...
Odoo Odoo 10.0
Odoo Odoo 8.0
Odoo Odoo 9.0
9.1
CVSSv3
CVE-2021-44547
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation.
Odoo Odoo
9.1
CVSSv3
CVE-2018-15632
Improper input validation in database creation logic in Odoo Community 11.0 and previous versions and Odoo Enterprise 11.0 and previous versions, allows remote malicious users to initialize an empty database on which they can connect with default credentials.
Odoo Odoo
9.1
CVSSv3
CVE-2018-14860
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and previous versions and Odoo Enterprise 11.0 and previous versions allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.
Odoo Odoo
8.8
CVSSv3
CVE-2019-11781
Improper input validation in portal component in Odoo Community 12.0 and previous versions and Odoo Enterprise 12.0 and previous versions, allows remote malicious users to trick victims into modifying their account via crafted links, leading to privilege escalation.
Odoo Odoo
8.8
CVSSv3
CVE-2020-29396
A sandboxing issue in Odoo Community 11.0 up to and including 13.0 and Odoo Enterprise 11.0 up to and including 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
Odoo Odoo
1 Github repository
8.8
CVSSv3
CVE-2018-15640
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 up to and including 12.0 allows remote authenticated malicious users to obtain elevated privileges via a crafted request.
Odoo Odoo