cve/2023/CVE-2023-39143.md

### [CVE-2023-39143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39143)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).

### POC

#### Reference
- https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/

#### Github
- https://github.com/codeb0ss/CVE-2023-39143
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nvn1729/advisories
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-39143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39143)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).`

			`### POC`

			`#### Reference`
			`- https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/`

			`#### Github`
			`- https://github.com/codeb0ss/CVE-2023-39143`
			`- https://github.com/netlas-io/netlas-dorks`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/nvn1729/advisories`