CVE-2017-5871
MEDIUM NUCLEI
Odoo <= 8.0-20160726 and 9 - URL Redirection to Untrusted Site
Title source: llm
Exploitation Summary
CVE-2017-5871 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
Nuclei Templates (1)
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
MEDIUM VERIFIED by 1337rokudenashi
Shodan:
title:"Odoo"
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.odoo.com
Exploit, Third Party Advisory x_refsource_misc
https://sysdream.com/news/lab/2017-11-20-cve-2017-5871-odoo-url-redirection-to-distrusted-site-open-redirect/
Scores
CVSS v3
5.4
EPSS
0.0268
EPSS Percentile
83.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (3)
odoo/odoo
8.0 (2 CPE variants)
odoo/odoo
9.0
odoo/odoo
10.0
Published
May 22, 2019
Tracked Since
Feb 18, 2026