CVE-2023-4568

MEDIUM NUCLEI

PaperCut NG <22.0.12 - Unauthenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4568. PoCs published by Cappricio-Securities. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a Python-based scanner for detecting CVE-2023-4568, an unauthenticated XMLRPC vulnerability in PaperCut NG. The tool checks for the presence of the vulnerability by sending crafted requests to the target URL and analyzing the response.

Description

PaperCut NG allows unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected because there is no vendor-supplied patch.

Exploits (1)

nomisec SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2023-4568

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: PaperCut NG
No auth needed
Prerequisites: Target URL or list of URLs to scan
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

PaperCut NG Unauthenticated XMLRPC Functionality
MEDIUM · VERIFIED · by DhiyaneshDK
Shodan: html:"content=\"PaperCut\"" || http.html:'content="papercut' || cpe:"cpe:2.3:a:papercut:papercut_ng" || http.html:"content=\"papercut\""
FOFA: body='content="papercut' || body="content=\"papercut\""

Scores

CVSS v3 6.5
EPSS 0.0357
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-287
Status published
Products (1)
papercut/papercut_ng < 22.0.12
Published Sep 13, 2023
Tracked Since Feb 18, 2026