EAP Legislator Path Traversal Vulnerability in File Extraction Functionality

Vulnerability

A path traversal vulnerability has been identified in EAP Legislator, a popular legal document editing application by ABC PRO. It affects all versions prior to 2.25a. An attacker can create a zipx archive, the default file type for the application, and specify an arbitrary extraction path outside the intended directory. For example, files could be extracted to the system's startup folder. The unauthorized file extraction takes place when the victim opens the manipulated archive.

Impact

Exploitation of this vulnerability could result in unauthorized file extraction to arbitrary locations on the victim's system, potentially leading to further exploitation or information disclosure.

Remediation

Users can upgrade to EAP Legislator version 2.25a or later to address this vulnerability.
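
The following is an added example, not code from ABC PRO or from this advisory: a pre-open check that lists archive entries whose stored names would resolve outside the extraction directory. It assumes the zipx file can be read as a standard ZIP container and that entry names are interpreted with Windows path rules; the function names and the sample entries are constructed for illustration.

```python
from __future__ import annotations
import io
import zipfile
from pathlib import PureWindowsPath

def entry_escapes(name: str) -> str | None:
    """Return a reason if an entry name could land outside the extraction
    directory under Windows path rules, otherwise None."""
    # Treat both separators alike, as Windows file APIs do.
    p = PureWindowsPath(name.replace("/", "\\"))
    if p.drive or p.root:
        return "absolute path or drive/UNC prefix"
    depth = 0
    for part in p.parts:
        if part == "..":
            depth -= 1
            if depth < 0:
                return "'..' climbs above the extraction directory"
        else:
            depth += 1
    return None

def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every suspicious entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # orig_filename is the name as stored in the archive,
            # before zipfile applies its own normalisation.
            reason = entry_escapes(info.orig_filename)
            if reason:
                findings.append((info.orig_filename, reason))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive: two benign entries, three suspicious."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("act/document.xml", "act/./meta.xml",
                     "../../outside/placeholder.txt",
                     "C:\\Temp\\placeholder.txt",
                     "act\\..\\..\\placeholder.txt"):
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"{name!r}: {reason}")
```

Only entry names are read from the central directory, so the check does not need to decompress any member.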

Added: Feb 2, 2026, 2:21 PM
Updated: Feb 2, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 4.2
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.