CVE-2023-39143

CRITICAL EXPLOITED NUCLEI

PaperCut NG/MF <22.1.3 - Path Traversal

Title source: llm

Description

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).

Exploits (1)

nomisec WORKING POC
by foregenix · poc
https://github.com/foregenix/CVE-2023-39143

Nuclei Templates (1)

PaperCut < 22.1.3 - Path Traversal
CRITICALVERIFIEDby pdteam
Shodan: html:"content=\"PaperCut\"" || http.html:"papercut" || http.html:"content=\"papercut\"" || cpe:"cpe:2.3:a:papercut:papercut_mf"
FOFA: body="papercut" || body="content=\"papercut\""

References (2)

Scores

CVSS v3 9.8
EPSS 0.8818
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-17
CWE
CWE-22
Status published
Products (2)
papercut/papercut_mf < 22.1.3
papercut/papercut_ng < 22.1.3
Published Aug 04, 2023
Tracked Since Feb 18, 2026