Security Advisory

CVE-2024-48733

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-30 00:00:00

Last updated 2024-11-04 18:37:56

Assigner mitre

State PUBLISHED

Description

SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.

← Browse all CVEs View on cve.org ↗