CVE-2024-48735 Information

Description

Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download.

Reference

http://sas.com https://github.com/ACN-CVEs/CVE-2024-48735/blob/67e86e12393650e1df16c845ceff487d016f31f0/LFI.pdf