Skip to content

H3-2023-0020

PaperCut File Upload Remote Code Execution Vulnerability

Category VULNERABILITY
Base Score 9.8

Description

PaperCut NG/MF versions <= 22.1.2 are vulnerable to multiple issues that allow unauthenticated attackers to read arbitrary files, delete arbitrary files, and potentially upload arbitrary files, leading to remote code execution in certain default configurations. This server's configuration makes it vulnerable to this vulnerability.

Impact

Determined attackers can fully compromise the PaperCut server by exploiting this vulnerability.

References