H3-2023-0022
PaperCut Arbitrary File Read and Deletion Vulnerability
| Category | VULNERABILITY |
| Base Score | 9.4 |
Description
PaperCut NG/MF versions <= 22.1.2 are vulnerable to multiple issues that allow unauthenticated attackers to read or delete arbitrary files hosted on the PaperCut server.
Impact
Determined attackers can exploit this vulnerability to access or destroy all data hosted on the PaperCut server.
References
- Horizon3.ai: CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
- Horizon3.ai: Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
- PaperCut NG/MF Security Bulletin (July 2023)
- PaperCut NG Release History
- PaperCut Common Security Questions
- Securing your PaperCut NG/MF Server
- NVD: CVE-2023-39143
- Nuclei: PaperCut < 22.1.3 - Path Traversal