ACN-CVEs/CVE-2024-48733

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-48733 ↗	Oct 30, 2024Wednesday, 30 October 2024, 21:15	8.8 HIGH	—
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.