odoo some unknown version has a vulnerability that is a remote attacker can backup website's databases directly with no authed accounts
i has found some website established by Odoo CMS
all they databases could be downloaded with unauthorized,such as:
and so on ....
i use this google dork to search
inurl:/web/login intext:"Log in with Odoo.com"
and find almost 3,290 websites in search result
http://www.xxx.com/web/database/manager can appear this vulnerability