Vulnerabilities > Odoo > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2023-12-15 | CVE-2023-48050 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. | network; low complexity; camsbiometrics odoo CWE-89; critical; 9.8 |
| 2023-04-25 | CVE-2021-44547 | Unspecified vulnerability in Odoo | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation. | network; low complexity; odoo; critical; 9.1 |
| 2020-12-22 | CVE-2018-15632 | Improper Input Validation vulnerability in Odoo | Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | network; low complexity; odoo CWE-20; critical; 9.1 |
| 2019-07-03 | CVE-2018-14860 | OS Command Injection vulnerability in Odoo | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. | network; low complexity; odoo CWE-78; critical; 9.1 |
| 2019-06-28 | CVE-2018-14885 | Improper Access Control vulnerability in Odoo 10.0/11.0 | Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. | network; low complexity; odoo CWE-284; critical; 9.8 |
| 2017-07-04 | CVE-2017-10804 | Missing Authentication for Critical Function vulnerability in Odoo 10.0/8.0/9.0 | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. | network; low complexity; odoo CWE-306; critical; 9.8 |