CVE-2019-11781

HIGH

Odoo < 12.0 - Unauthenticated Privilege Escalation via Portal Component

Title source: llm

Description

Improper input validation in the portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation.

References (1)

Core References
Third Party Advisory x_refsource_misc
https://github.com/odoo/odoo/issues/63706

Scores

CVSS v3 8.8
EPSS 0.0205
EPSS Percentile 78.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
odoo/odoo < 12.0 (2 CPE variants)
Published Dec 22, 2020
Tracked Since Feb 18, 2026