cve/CVE-2018-14886.md at 410e68ca9dddb67493d84ae4fe8e1a9e392594db

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.

POC

Reference

https://github.com/odoo/odoo/commits/master
https://github.com/odoo/odoo/commits/master

Github

No PoCs found on GitHub currently.

759 B Raw Blame History

CVE-2018-14886

Description

POC

Reference

Github

759 B

Raw Blame History