odoo some unknown version has a vulnerability that is a remote attacker can backup website's databases directly with no authed accounts
i has found some website established by Odoo CMS
all they databases could be downloaded with unauthorized,such as:
simple 1

simple 2

simple 3

simple 4

simple 5

and so on ....
i use this google dork to search

inurl:/web/login intext:"Log in with Odoo.com"


and find almost 3,290 websites in search result

access

http://www.xxx.com/web/database/manager

can appear this vulnerability