CVE-2018-15632
CRITICAL
Odoo < 11.0 - Unauthenticated Database Initialization via Improper Input Validation
Title source: llm
Description
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows remote attackers to initialize an empty database to which they can connect with default credentials.
References (1)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/odoo/odoo/issues/63700
Scores
CVSS v3
9.1
EPSS
0.0117
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
odoo/odoo
< 11.0 (2 CPE variants)
Published
Dec 22, 2020
Tracked Since
Feb 18, 2026