CVE-2024-4712 Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler

🗓️ 14 May 2024 00:13:47Reported by PaperCutType

Arbitrary file creation in PaperCut NG/MF Web Print on Windows server

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-4712	26 Sep 202404:35	–	circl
CNNVD	PaperCut NG和PaperCut MF 后置链接漏洞	14 May 202400:00	–	cnnvd
CVE	CVE-2024-4712	14 May 202400:13	–	cve
EUVD	EUVD-2024-44309	3 Oct 202520:07	–	euvd
NVD	CVE-2024-4712	14 May 202415:44	–	nvd
Tenable Nessus	PaperCut MF < 23.0.9 Multiple Vulnerabilities	16 Oct 202400:00	–	nessus
Tenable Nessus	PaperCut NG < 23.0.9 Multiple Vulnerabilities	16 Oct 202400:00	–	nessus
RedhatCVE	CVE-2024-4712	5 Feb 202500:07	–	redhatcve
Vulnrichment	CVE-2024-4712 Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler	14 May 202400:13	–	vulnrichment
Zero Day Initiative	PaperCut NG image-handler Directory Traversal Local Privilege Escalation Vulnerability	22 Aug 202400:00	–	zdi

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Web Print"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "PaperCut NG, PaperCut MF",
    "vendor": "PaperCut",
    "versions": [
      {
        "changes": [
          {
            "at": "23.0.9",
            "status": "unaffected"
          }
        ],
        "lessThan": "23.0.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
papercut	www.papercut.com/kb/Main/Security-Bulletin-May-2024/

26 Sep 2024 01:27Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.17.8

EPSS0.00406

CWE-77