Vulnerability in Apache Software Foundation Pluto
CVE-2018-1306
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file uplo…
EPSS: 0.690 (98.7th percentile)
Affected products
- Apache Software Foundation Pluto, version 3.0.0
Public proof-of-concept exploits
References
- 45396 (exploit, x_refsource_EXPLOIT-DB)
- portals.apache.org/pluto/security.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-1306?
- CVE-2018-1306 is a vulnerability in Apache Software Foundation Pluto. Published 2018-06-27.
- Is CVE-2018-1306 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.