Skip to main content

The PaperCutNG Mobility Print 1.0.3512 application has been identified to have a cross-site request forgery vulnerability that leads to sophisticated phishing attacks.

This vulnerability exists because the application lacks CSRF defenses such as anti-CSRF tokens, header origin validation, same-site cookies, etc.

The Cross-Site Request Forgery (CSRF) attack pushes authenticated users to send requests to Web applications that they are already authorized to access. CSRF attacks take advantage of the trust a Web application has in a verified user.

Details of the Vulnerability

The vulnerability is tracked as CVE-2023-2508 with a CVSS base score of 5.3.

According to the information shared in Fluidattacks, an unauthenticated attacker can launch a CSRF attack against an instance administrator using the PaperCutNG Mobility Print version 1.0.3512 application to configure the client’s host.  more here

If you like something I've posted please feel free to click the "like" button!

Original Post

Add Reply

Post
×
×
×
×
Link copied to your clipboard.
×
×