[6.0][6.1] Stock module contains SQL injection vulnerability
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Odoo Addons (MOVED TO GITHUB) | Fix Released | Critical | OpenERP's Framework R&D |
Bug Description
== Summary ==
The Warehouse Management Module (stock) is vulnerable to SQL injection attacks in the `context' parameter of the `get_product_
This vulnerability is present in the following OpenERP versions:
- OpenERP 6.0.3 and later
- OpenERP 6.1 (all versions)
== Impact ==
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Required to exploit
An attacker could pass a specially-crafted `context' parameter to the vulnerable function, possibly executing arbitrary SQL queries in the database. Such queries could alter business data or security related information such as user passwords and access rights.
Exploiting this vulnerability requires:
- remote network access to the vulnerable OpenERP system
- the credentials (user and password) of a user having access to Warehouse Management data
We are not aware of any malicious use of this vulnerability.
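The bug class described above, as an added illustration that is not the OpenERP code or the attached patch: a constructed, hypothetical stock-quantity helper in the `(cr, ids, context)` calling style, first with a `context` value formatted straight into the SQL text (the injectable pattern), then with the value type-checked and bound as a query parameter. The table, column names and sample rows are constructed for the example and run against an in-memory SQLite database instead of PostgreSQL.

```python
import sqlite3

# Constructed stand-in for the stock module's product query; it reproduces
# only the bug class (``context`` values spliced into SQL), not the real code.

def _setup_db():
    """In-memory table with a few constructed stock moves (sample data)."""
    cr = sqlite3.connect(":memory:")
    cr.execute("CREATE TABLE stock_move (product_id INT, location_id INT, qty REAL)")
    cr.executemany("INSERT INTO stock_move VALUES (?, ?, ?)",
                   [(1, 10, 5.0), (1, 11, 2.0), (2, 10, 7.5)])
    return cr

def get_product_qty_vulnerable(cr, product_ids, context=None):
    """'Before' pattern: the context value lands in the statement text unchanged."""
    context = context or {}
    location = context.get("location")
    # SQL injection: ``location`` is caller-controlled, yet it becomes part of
    # the SQL text, so any string the caller supplies is parsed as SQL.
    sql = ("SELECT product_id, SUM(qty) FROM stock_move WHERE product_id IN (%s) "
           "AND location_id = %s GROUP BY product_id"
           % (",".join(str(int(i)) for i in product_ids), location))
    return dict(cr.execute(sql).fetchall())

def get_product_qty_fixed(cr, product_ids, context=None):
    """'After' pattern: reject anything but an integer id, then bind it."""
    context = context or {}
    location = context.get("location")
    if not isinstance(location, int) or isinstance(location, bool):
        raise ValueError("context['location'] must be an integer id")
    ids = [int(i) for i in product_ids]        # ids are coerced to int, never raw
    placeholders = ",".join("?" * len(ids))    # one bound parameter per id
    sql = ("SELECT product_id, SUM(qty) FROM stock_move WHERE product_id IN (%s) "
           "AND location_id = ? GROUP BY product_id" % placeholders)
    # Values travel separately from the SQL text, so they can only ever be data.
    return dict(cr.execute(sql, ids + [location]).fetchall())

if __name__ == "__main__":
    cr = _setup_db()
    print(get_product_qty_fixed(cr, [1, 2], {"location": 10}))   # {1: 5.0, 2: 7.5}
```

The fixed variant refuses a string `location` outright rather than trying to sanitise it, which is the check a reviewer would look for in the patched function.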
== Workaround ==
No known workaround is available, but systems without the stock module installed are not vulnerable.
Systems running versions earlier than 6.0.3 are not vulnerable.
OpenERP Online servers have been patched as of the day of discovery.
== Solution ==
Apply the attached patch, or upgrade to the latest OpenERP nightly builds for your series, as found on http://
To apply the patch, change into the root directory of the addons installation, then execute the patch command, such as:
patch -p0 -f < /path/to/
The following are the revision numbers of stable releases of `openobject-addons' after which the vulnerability is corrected:
- 6.1 series revno: 6850 rev-id: <email address hidden>
- 6.0 series revno: 5263 rev-id: <email address hidden>