Account Privilege Escalation via Crafted Links in Odoo Community and Enterprise 12.0 and Earlier

Account Privilege Escalation via Crafted Links in Odoo Community and Enterprise 12.0 and Earlier

CVE-2019-11781 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation.

Learn more about our Web Application Penetration Testing UK.