Papercut: >> Papercut Mf >> 22.0.10 Security Vulnerabilities
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.
CVSS Score
8.2
EPSS Score
0.758
Published
2023-07-25
CVE-2023-2533
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in
PaperCut NG/MF, which, under specific conditions, could potentially enable
an attacker to alter security settings or execute arbitrary code. This could
be exploited if the target is an admin with a current login session. Exploiting
this would typically involve the possibility of deceiving an admin into clicking
a specially crafted malicious link, potentially leading to unauthorized changes.
Known exploited
CVSS Score
8.4
EPSS Score
0.295
Published
2023-06-20
Page 3