Описание
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 22.1.3 (исключая)Версия до 22.1.3 (исключая)
Одновременно
Одно из
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.88521
Высокий
9.8 Critical
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.
EPSS
Процентиль: 99%
0.88521
Высокий
9.8 Critical
CVSS3
Дефекты
CWE-22
CWE-22