CVE-2024-36259
- EPSS 0.14%
- Published 25.02.2025 19:15:14
- Last modified 28.02.2025 13:35:22
Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.
CVE-2024-12368
- EPSS 0.13%
- Published 25.02.2025 18:15:27
- Last modified 28.02.2025 13:35:22
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.
CVE-2024-34534
- EPSS 0.17%
- Published 06.05.2024 21:15:48
- Last modified 21.11.2024 09:18:53
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.
CVE-2024-34533
- EPSS 0.17%
- Published 06.05.2024 21:15:48
- Last modified 21.11.2024 09:18:52
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::...
CVE-2021-45111
- EPSS 0.65%
- Published 25.04.2023 19:15:10
- Last modified 21.11.2024 06:31:59
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.
CVE-2021-26263
- EPSS 0.13%
- Published 25.04.2023 19:15:09
- Last modified 21.11.2024 05:56:00
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
CVE-2021-23166
- EPSS 0.45%
- Published 25.04.2023 19:15:09
- Last modified 03.02.2025 18:15:26
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
CVE-2021-23176
- EPSS 0.49%
- Published 25.04.2023 19:15:09
- Last modified 21.11.2024 05:51:19
Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.
CVE-2021-23178
- EPSS 0.45%
- Published 25.04.2023 19:15:09
- Last modified 21.11.2024 05:51:20
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charg...
CVE-2021-23186
- EPSS 0.43%
- Published 25.04.2023 19:15:09
- Last modified 21.11.2024 05:51:20
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.