Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-5871 — Open Redirect in Odoo

Severity

5.4MEDIUMNVD

EPSS

2.7%

top 14.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedMay 22

Latest updateMay 24

Description

Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

▶NVDodoo/odoo10.0, 8.0, 9.0+2

GHSA

GHSA-cwpq-rg22-433h: Odoo Version <= 8↗2022-05-24

▶

Nuclei

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

▶

Debian

CVE-2017-5871: odoo - Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirec...↗2017

▶

Greynoiseio

NoiseLetter September 2025↗

▶