Report engine in Odoo Community 9.0 up to and including 11.0 and previous versions and Odoo Enterprise 9.0 up to and including 11.0 and previous versions does not use secure options when passing documents to wkhtmltopdf, which allows remote malicious users to read local files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
odoo odoo 9.0 |
||
odoo odoo 10.0 |
||
odoo odoo 11.0 |