CSRF Vulnerability in PaperCut NG/MF Allows Unauthorized Changes and Code Execution

CSRF Vulnerability in PaperCut NG/MF Allows Unauthorized Changes and Code Execution

CVE-2023-2533 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

Learn more about our Web Application Penetration Testing UK.