Arbitrary File Write and Delete Vulnerability in SonicJS through 0.6.0

Arbitrary File Write and Delete Vulnerability in SonicJS through 0.6.0

CVE-2022-42002 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.

Learn more about our Web Application Penetration Testing UK.