EUVD-2025-201253
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Tags
Description
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.
Analysis
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.
Technical Context
Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server. This vulnerability is classified as Unrestricted Upload of File with Dangerous Type (CWE-434).
Affected Products
Affected products: E-Point E-Point Cms eagle.gsam-1169.1
Remediation
Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today