Odoo 12.0 allows remote attackers to read local files.
Odoo-12.0-LFI-Vulnerabilities
Odoo 12.0, an open source ERP and CRM, allows remote attackers to read local files.
www.odoo.com/security-report
palletsprojects.com/p/werkzeug/
CVE-2019-14322
To exploit the vulnerability, someone could use a '[HOST]:8069/base_import/static/c:/windows/win.ini' request to get some information from the target.
GET /
Nmap NSE script to detect CVE-2019-14322, a Pallets Werkzeug path traversal in which SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
http-vuln-cve2019-14322.nse
Description
CVE-2019-14322 - A vulnerability was found in Pallets Werkzeug up to 0.15.4. It has been declared as critical. This vulnerability affects the function SharedDataMiddleware of the
PoC of CVE-2019-14322: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-14322-scanner
A vulnerability was found in Pallets Werkzeug up to 0.15.4. It has been declared as critical. This vulnerability affects the function SharedDataMiddleware of the component Windows. The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE definition for the vulnerability is CWE-22.
In Pallets Werkzeug before 0.15.5, Shar