CVE-2018-1306

2018-06-27T18:29:00
ID CVE-2018-1306
Type cve
Reporter cve@mitre.org
Modified 2019-03-01T19:52:00

Description

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.