CVE-2024-53619

Published: Nov 26, 2024Modified: Jul 7, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.

Affected (1)

Products: Spip: Spip

Spip

1 product

Spip

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Spip Spip	Version 4.3.3

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://grimthereaperteam.medium.com/spip-4-3-3-malicious-file-upload-xss-in-pdf-526c03bb1776

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.