Description

Odoo is all-in-one management software: a complete suite of business applications for enterprise management, targeting companies of all sizes.

The Odoo Web Database Manager (endpoint /web/database/manager) is publicly accessible, allowing an unauthenticated attacker to create new databases and to edit, delete, or back up existing Odoo databases. It's recommended to restrict access to this endpoint.

Remediation

Restrict access to the /web/database/manager endpoint using the instructions from the Web References section.
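
To confirm the restriction is in effect, the reverse-proxy access log can be checked for database-manager requests from outside the admin network. The script below is an added example, not part of the original advisory or of Odoo. It assumes a combined-format access log, a hypothetical admin network of 10.0.0.0/24, and that the other database actions are served under the same /web/database/ prefix.

```python
import ipaddress
import re

# Assumption: only this network is meant to reach the database manager.
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Combined log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /web/database/manager HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:01:00 +0000] "GET /web/database/manager HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:01:09 +0000] "POST /web/database/backup HTTP/1.1" 200 904211
198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /web/database/manager?x=1 HTTP/1.1" 403 162
198.51.100.9 - - [01/Jan/2024:10:02:05 +0000] "GET /web/login HTTP/1.1" 200 3100
not a log line
"""

def is_admin(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client field is never trusted
    return any(addr in net for net in ADMIN_NETS)

def audit(log_text):
    """Return database-manager requests that came from outside ADMIN_NETS."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        # Only database-manager routes from non-admin clients are of interest.
        if not path.startswith("/web/database/") or is_admin(m["ip"]):
            continue
        status = int(m["status"])
        # A status below 400 suggests the request was served, not refused.
        verdict = "EXPOSED" if status < 400 else "blocked"
        findings.append((m["ip"], m["method"], path, status, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any EXPOSED entry means the endpoint is still reachable from outside the allowed network and the restriction needs to be revisited.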

References
