CVE-2023-4568

MEDIUM NUCLEI

PaperCut NG <22.0.12 - Unauthenticated RCE

Title source: llm

Description

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

Exploits (1)

nomisec SCANNER

by Cappricio-Securities · poc

https://github.com/Cappricio-Securities/CVE-2023-4568

View Code ZIP pw:eip

Nuclei Templates (1)

PaperCut NG Unauthenticated XMLRPC Functionality

MEDIUMVERIFIEDby DhiyaneshDK

Shodan:

html:"content=\"PaperCut\"" || http.html:'content="papercut' || cpe:"cpe:2.3:a:papercut:papercut_ng" || http.html:"content=\"papercut\""

FOFA: body='content="papercut' || body="content=\"papercut\""

References (1)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2023-31

Scores

CVSS v3 6.5

EPSS 0.7517

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-287

Status published

Products (1)

papercut/papercut_ng < 22.0.12

Published Sep 13, 2023

Tracked Since Feb 18, 2026