Papercut: >> Papercut Ng >> 16.1 Security Vulnerabilities
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
CVSS Score
8.2
EPSS Score
0.022
Published
2023-04-20
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector.
CVSS Score
9.8
EPSS Score
0.014
Published
2019-06-06
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-02-20
Page 3