SQL Server Remote Code Execution Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
8.8