Remote Initialization of Empty Database in Odoo Community and Enterprise 11.0 and Earlier

CVE-2018-15632 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.

Learn more about our Web Application Penetration Testing UK.