The host is installed with PaperCut NG before 20.1.10, 21.x before 21.2.14, 22.x before 22.1.5, or 23.x before 23.0.7 and is prone to a server side request forgery vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to make an HTTP request look like it came from a PaperCut NG/MF application server.