Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Unrestricted access to Odoo DB manager - Vulnerability Database

Unrestricted access to Odoo DB manager

Description

Odoo is a suite of business management software

Odoo DB manager is designed to be accessed by high privileged users only. It's not recommended to have Odoo DB manager publicly accessible even with enabled 'Masted Password'.

Remediation

Restrict access to Odoo DB manager

References

Odoo Help: securing /web/database/manager
Databases administration

Related Vulnerabilities

ColdFusion administrator login page publicly available Low
Common tags: Insecure Admin Access
SAP NetWeaver RECON CVE-2020-6287 High
Common tags: Insecure Admin Access
Fortinet Authentication bypass on administrative interface High
Common tags: Insecure Admin Access
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) Medium
Common tags: Insecure Admin Access
Unauthorized Access to a web app installer Medium
Common tags: Insecure Admin Access

Severity

High

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access