Hi Team!

PaperCut NG/MF is a print server and print management webserver.

A CVE for the Remote Code Execution (RCE) vulnerability on 21 April 2023 (CVE-2023-27350)

Vulnerability:

Application allows for Remote Code Execution on the webserver. The RCE can be used to directly execute commands on the remote Papercut Webserver, or a malicious JAR file can be dropped/executed.

Related Articles:

• https://vulncheck.com/blog/papercut-rce
• https://www.bleepingcomputer.com/news/security/new-papercut-rce-exploit-created-that-bypasses-existing-detections/
• https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html

PR for Metasploit Module for PaperCut NG/MR RCE -> https://github.com/rapid7/metasploit-framework/pull/17936/files