{"id":"CVE-2024-53619","details":"An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.","modified":"2026-04-10T05:18:23.379637Z","published":"2024-11-26T19:15:30.727Z","references":[{"type":"EVIDENCE","url":"https://grimthereaperteam.medium.com/spip-4-3-3-malicious-file-upload-xss-in-pdf-526c03bb1776"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.3.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53619.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}