Insecure Access Control and Message Spoofing in Odoo Portal Messaging System

Insecure Access Control and Message Spoofing in Odoo Portal Messaging System

CVE-2018-14867 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.

Learn more about our Web Application Penetration Testing UK.