In this example I found that my user can execute the following as root (sudo). The vulnerable part is *
/usr/bin/7za a /var/backups/project.zip -tzip -snl -mmt -- *
To exploit it you only have to create a symbolic link that points to the target file and execute the binary. Finally, unzip the file and access the desired file.
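
A defensive check for the kind of rule shown above, as an added example that is not part of the original page: it scans sudoers text for commands whose arguments contain `*`, so such rules can be replaced with fixed argument lists. The parser is a simplified assumption (not the full sudoers grammar), and the user name `devuser` and the `tar` rule in the sample are constructed.

```python
import re

# Constructed sample sudoers content; "devuser" and the tar rule are hypothetical.
SAMPLE_SUDOERS = r"""
# backup helpers
Defaults env_reset
devuser ALL=(root) NOPASSWD: /usr/bin/7za a /var/backups/project.zip -tzip -snl -mmt -- *
devuser ALL=(root) /usr/bin/systemctl restart nginx, \
    /usr/bin/tar -czf /var/backups/www.tgz /var/www/*
"""

TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")   # NOPASSWD:, SETENV:, ...
RUNAS = re.compile(r"^\([^)]*\)\s*")     # (root), (ALL : ALL), ...

def wildcard_rules(text):
    """Return (user, command) pairs whose command arguments contain '*'."""
    joined = re.sub(r"\\\n\s*", " ", text)   # fold continuation lines
    findings = []
    for line in joined.splitlines():
        line = line.strip()
        # Skip blanks, comments/includes, Defaults and alias definitions.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        if re.match(r"^\w+_Alias\b", line) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        user = who.split()[0]
        # Commands are comma separated; an escaped comma (\,) stays in place.
        for cmd in re.split(r"(?<!\\),", spec):
            cmd = TAG.sub("", RUNAS.sub("", cmd.strip()))
            parts = cmd.split(None, 1)
            # Only the argument part matters: the caller controls what '*' matches.
            if len(parts) == 2 and "*" in parts[1]:
                findings.append((user, cmd))
    return findings

if __name__ == "__main__":
    for user, cmd in wildcard_rules(SAMPLE_SUDOERS):
        print(f"[wildcard] {user}: {cmd}")
```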