CVE-2021-23166
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
Source: CVE-2021-23166
[월:] 2023년 04월
CVE-2021-44460
CVE-2021-44460
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.
Source: CVE-2021-44460
CVE-2021-44465
CVE-2021-44465
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.
Source: CVE-2021-44465
CVE-2021-23176
CVE-2021-23176
Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.
Source: CVE-2021-23176
CVE-2021-44775
CVE-2021-44775
Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
Source: CVE-2021-44775
CVE-2021-45071
CVE-2021-45071
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.
Source: CVE-2021-45071
CVE-2023-30177
CVE-2023-30177
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
Source: CVE-2023-30177
CVE-2023-23838
CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
Source: CVE-2023-23838
CVE-2023-30545
CVE-2023-30545
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9
Source: CVE-2023-30545
CVE-2023-23837
CVE-2023-23837
No exception handling vulnerability which revealed sensitive or excessive information to users.
Source: CVE-2023-23837