NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-48733

Summary	SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
Publication Date	Oct. 31, 2024, 6:15 a.m.
Registration Date	Oct. 31, 2024, noon
Last Update	Nov. 5, 2024, 4:35 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	http://sas.com
2	https://github.com/ACN-CVEs/CVE-2024-48733/blob/ea2da31c3d6e0140edd6a1455e6157b8ba2f7a67/SQL%20injection.pdf

Common Vulnerabilities List