Arbitrary Menuitem Deletion Vulnerability in Odoo Community and Enterprise 11.0 and Earlier

Arbitrary Menuitem Deletion Vulnerability in Odoo Community and Enterprise 11.0 and Earlier

CVE-2018-14862 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.

Learn more about our Internal Network Penetration Testing.