CVE-2023-2533 Information

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF which under specific conditions could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link potentially leading to unauthorized changes.

Reference

https://www.papercut.com/ https://fluidattacks.com/advisories/arcangel/