Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder
Vulnerability Description
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Update: This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin. Note: This CVE has been split from CVE-2024-3037.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
PaperCut NG/MF 安全漏洞
Vulnerability Description
PaperCut NG/MF是PaperCut公司的一个打印管理系统。 PaperCut NG/MF存在安全漏洞。攻击者利用该漏洞可以通过web-print-hot-folder直接在服务器上执行低权限代码。
CVSS Information
N/A
Vulnerability Type
N/A