Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-39469

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.676
EPSS Ranking 98.5%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2023-39469


Contact Us

Shodan ® - All rights reserved