Description
PaperCut NG and MF before version 22.1.3 contain a path traversal vulnerability that allows unauthenticated attackers to read, delete, or upload arbitrary files on the server.
Remediation
Upgrade to the latest version of PaperCut
References
PaperCut NG/MF Security Bulletin (July 2023)
CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
Related Vulnerabilities
PostgreSQL Improper Access Control Vulnerability (CVE-2019-10128)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)
Atlassian Confluence Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6342)
MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)