Authentication Bypass Vulnerability in PaperCut NG Allows Arbitrary File Upload

Authentication Bypass Vulnerability in PaperCut NG Allows Arbitrary File Upload

CVE-2023-3486 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.

Learn more about our Web Application Penetration Testing UK.