Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOdoo
APPOdoo10.011.0
Related vulnerabilities
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to exec...
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11...
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 ...
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers c...
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an int...