Odoo · Odoo Community · CVE-2018-15632
Name of the Vulnerable Software and Affected Versions:
Odoo Community versions 11.0 and earlier
Odoo Enterprise versions 11.0 and earlier
Description:
The issue is related to improper input validation in database creation logic, allowing remote attackers to initialize an empty database and connect to it using default credentials.
Recommendations:
For Odoo Community versions 11.0 and earlier, update to a version later than 11.0 to resolve the issue.
For Odoo Enterprise versions 11.0 and earlier, update to a version later than 11.0 to resolve the issue.
As a temporary workaround, consider restricting access to the database creation logic to minimize the risk of exploitation.