Description

Odoo is a suite of business management software and it uses Pallets Werkzeug as a core component. Therefore, Odoo is vulnerable to local file inclusion vulnerability inherited from Werkzeug.

Remediation

Upgrade to the latest version of Odoo

References

CVE-2019-14322

Odoo-12.0-LFI-Vulnerabilities

Related Vulnerabilities

WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)

WordPress Plugin Spicy Blogroll Local File Include (1.0.0)

WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.8)

TCExam Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-5744)

Severity

High

Classification

CVE-2019-14322 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

File Inclusion