A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach.....
6.5CVSS
7.2AI Score
0.001EPSS
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common...
9.8CVSS
9.8AI Score
0.954EPSS
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified...
9.8CVSS
8.5AI Score
0.034EPSS
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka...
9.8CVSS
7.7AI Score
0.002EPSS
Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown...
6.6AI Score
0.003EPSS
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified...
7.3AI Score
0.002EPSS