Odoo · Odoo Community · CVE-2018-14885
**Name of the Vulnerable Software and Affected Versions**
Odoo Community versions 10.0 through 11.0
Odoo Enterprise versions 10.0 through 11.0
**Description**
The issue is related to incorrect access control in the database manager component, allowing a remote attacker to restore a database dump without knowing the super-admin password. Any arbitrary password can succeed in this action.
**Recommendations**
For Odoo Community versions 10.0 through 11.0, update to a version that includes the fix for this issue.
For Odoo Enterprise versions 10.0 through 11.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the database manager component to minimize the risk of exploitation.