Papercut : Security Vulnerabilities, CVEs, CVSS score >= 9

CVE-2023-39143

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
Max CVSS
9.8
EPSS Score
93.88%
Published
2023-08-04
Updated
2023-08-08

CVE-2023-27350

Known exploited
Public exploit
Used for ransomware
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Max CVSS
9.8
EPSS Score
97.20%
Published
2023-04-20
Updated
2023-06-07
CISA KEV Added
2023-04-21

CVE-2019-12135

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector.
Max CVSS
9.8
EPSS Score
3.44%
Published
2019-06-06
Updated
2020-08-24

CVE-2019-8948

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
Max CVSS
9.8
EPSS Score
0.21%
Published
2019-02-20
Updated
2019-02-21
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close