Vulnerabilities > Odoo > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-12-15 | CVE-2023-48050 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. | network, low complexity, camsbiometrics, odoo, CWE-89 | critical 9.8 |
| 2023-04-25 | CVE-2021-44547 | Unspecified vulnerability in Odoo | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation. | network, low complexity, odoo | critical 9.1 |
| 2019-07-03 | CVE-2018-14860 | OS Command Injection vulnerability in Odoo 10.0/11.0/8.0 | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. | network, low complexity, odoo, CWE-78 | critical 9.0 |
| 2019-04-09 | CVE-2018-15640 | Improper Privilege Management vulnerability in Odoo 10.0/11.0/12.0 | Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. | network, low complexity, odoo, CWE-269 | critical 9.0 |