CVE-2017-10803

MEDIUM

Odoo - Insecure Deserialization

Title source: rule

Description

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.

Exploits (1)

exploitdb WORKING POC
by SecuriTeam · local · linux
https://www.exploit-db.com/exploits/44064

Scores

CVSS v3 6.5
EPSS 0.0155
EPSS Percentile 81.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status draft

Affected Products (5)

odoo/odoo
odoo/odoo
odoo/odoo
odoo/odoo
odoo/odoo

Timeline

Published Jul 04, 2017
Tracked Since Feb 18, 2026