Описание
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
EPSS
Процентиль: 94%
0.12487
Средний
8.8 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
больше 1 года назад
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request.
EPSS
Процентиль: 94%
0.12487
Средний
8.8 High
CVSS3
Дефекты
CWE-89