CVE-2018-1306

Published: 27/06/2018 Updated: 01/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote malicious user to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

Vulnerable Product

apache pluto 3.0.0

Exploits

# Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution
# Date: 2018-09-12
# Exploit Author: Che-Chun Kuo
# Vendor Homepage: portals.apache.org/pluto/
# Software Link: archive.apache.org/dist/portals/pluto/
# Version: 3.0.0
# Tested on: Windows
# Advisory: portals.apache.org/pluto/security.html
# Other Vulnerabili ...

Apache Portals Pluto version 3.0.0 suffers from a remote code execution vulnerability ...

Github Repositories

CVE-2018-1306: Apache Pluto 3.0.0 issue in the authorisation logic which lets an attacker upload malicious files by tampering with HTTP methods. Script written in python3. Usage: python3 /plutorcepy 19216801/ webshelljsp