CVE-2023-2533 – PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF

https://notcve.org/view.php?id=CVE-2023-2533

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. • https://fluidattacks.com/advisories/arcangel https://www.papercut.com/kb/Main/SecurityBulletinJune2023 • CWE-352: Cross-Site Request Forgery (CSRF) •