H3-2023-0020
PaperCut File Upload Remote Code Execution Vulnerability
Category: VULNERABILITY
Base Score: 9.8
Description
PaperCut NG/MF versions <= 22.1.2 are affected by multiple issues that allow unauthenticated attackers to read arbitrary files, delete arbitrary files, and potentially upload arbitrary files, leading to remote code execution in certain default configurations. This server's configuration leaves it exposed to these issues.
Impact
Determined attackers can fully compromise the PaperCut server by exploiting this vulnerability.
References
- Horizon3.ai: CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
- Horizon3.ai: Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
- PaperCut NG/MF Security Bulletin (July 2023)
- PaperCut NG Release History
- PaperCut Common Security Questions
- Securing your PaperCut NG/MF Server
- NVD: CVE-2023-39143
- Nuclei: PaperCut < 22.1.3 - Path Traversal