CVE-2023-33690 Information

Description

SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.

Reference

https://github.com/lane711/sonicjs/pull/183 https://youtu.be/6ZuwA9CkQLg