01642 06 11 11 Arrange Call

Unauthenticated XMLRPC Command Execution Vulnerability in PaperCut NG

CVE-2023-4568 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

Learn more about our Web Application Penetration Testing UK.