Published: Wed 30 Oct 2024
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
Note: This product uses data from the NVD API but is not endorsed or certified by the NVD.
Stay informed with product updates and security tips delivered to your inbox; no spam.