PaperCutNG Mobility Print 1.0.3512 has been found to contain a cross-site request forgery (CSRF) vulnerability that leads to sophisticated phishing attacks.
The vulnerability exists because the application lacks CSRF defenses such as anti-CSRF tokens, Origin header validation, and same-site cookies.
A CSRF attack causes authenticated users to send requests to web applications that they are already authorized to access. CSRF attacks take advantage of the trust a web application places in a verified user.
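The three defenses named above, combined into one server-side check. This is an added example, not PaperCut's code; the trusted origin, the cookie name and all function names are assumptions made for illustration, and header names are assumed to arrive in canonical case.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed value: the origin the admin UI is served from (assumption).
TRUSTED_ORIGIN = "https://print.example.internal"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def session_cookie(session_id):
    """Set-Cookie value; SameSite=Strict keeps it off cross-site requests."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def issue_csrf_token():
    """Random per-session token, embedded in every state-changing form."""
    return secrets.token_urlsafe(32)


def origin_of(url):
    """Reduce a URL to (scheme, host, port), filling in default ports."""
    try:
        u = urlsplit(url)
        return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))
    except ValueError:
        return None  # malformed port or host: treat as untrusted


def same_origin(headers, trusted=TRUSTED_ORIGIN):
    """Check Origin, falling back to Referer; fail closed if both are absent."""
    source = headers.get("Origin") or headers.get("Referer")
    return bool(source) and origin_of(source) == origin_of(trusted)


def accept_request(method, headers, session_token, submitted_token):
    """Return True only if a state-changing request passes both checks."""
    if method.upper() in SAFE_METHODS:
        return True  # safe methods must never change configuration
    if not same_origin(headers):
        return False
    if not session_token or not submitted_token:
        return False
    # Constant-time comparison of the stored and submitted tokens.
    return hmac.compare_digest(session_token.encode(), submitted_token.encode())
```

A request that changes configuration is accepted only when it originates from the application's own origin and carries the token bound to the administrator's session; the cookie attribute is a third, browser-enforced layer.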
Details of the Vulnerability
The vulnerability is tracked as CVE-2023-2508 with a CVSS base score of 5.3.
According to the information shared by Fluid Attacks, an unauthenticated attacker can launch a CSRF attack against an instance administrator using the PaperCutNG Mobility Print version 1.0.3512 application to configure the client’s host.