Security SQL Injection in SQL Server LIMIT & OFFSET

Taylor Otwell
Taylor Otwell

Today we have released security patches via Laravel 6.20.26 and 8.40.0. These patches resolve a security vulnerability that allowed SQL injection when unfiltered user input was passed directly to the limit and offset methods of the Laravel query builder and the user was also using Microsoft SQL Server as their database.

Other database drivers such as MySQL and Postgres do not appear to be affected by this problem at this time.

All Laravel users are encouraged to update immediately, or, if you are unable to update to these versions, ensure that you are only passing integers to the limit and offset methods.

This security vulnerability has been published as a GitHub security advisory: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j

We offer comprehensive and reliable services of software development company in London You can contact us at: +44 (0)207 1015034

Taylor Otwell
Taylor Otwell

Latest Stories

Here’s what we've been up to recently.

View all
What’s New in Laravel 9 Upgrade: Deep Dive into the Latest Version

What’s New in Laravel 9 Upgrade: Deep Dive into the Latest Version

Taylor Otwell
Alex Stevens

Laravel 10: New Features and Latest Updates

Laravel 10: New Features and Latest Updates

Taylor Otwell
Alex Stevens

5 Tips to Maximise Your Content With an SEO Agency in 2023

5 Tips to Maximise Your Content With an SEO Agency in 2023

Taylor Otwell
Alex Stevens

Request a code sample

Certified Quality. Great Prices

Trustpilot
We use cookies to improve your experience and to help us understand how you use our site. By using this site, you accept our use of cookies. Cookie Infox