CVE-2024-48733 Information

Description

SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request.

Reference

http://sas.com https://github.com/ACN-CVEs/CVE-2024-48733/blob/ea2da31c3d6e0140edd6a1455e6157b8ba2f7a67/SQL%20injection.pdf