CVE-2024-48734

Publication date

2024-10-30 00:00:00

Family

mitre

State

PUBLISHED

Description

Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users.