CVE-2017-10803 - Deserialization of Untrusted Data vulnerability in Odoo 10.0/8.0/9.0

CVSS 6.5 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: local, low complexity, odoo, CWE-502, exploit available

Summary

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.

Vulnerable Configurations

Part | Description | Count
Application | Odoo | 5

Common Weakness Enumeration (CWE)

Exploit-Db

description: Odoo CRM 10.0 - Code Execution. CVE-2017-10803. Local exploit for Linux platform
id: EDB-ID:44064
last seen: 2018-02-15
modified: 2017-06-30
published: 2017-06-30
reporter: Exploit-DB
source: https://www.exploit-db.com/download/44064/
title: Odoo CRM 10.0 - Code Execution