Security SQL Injection in SQL Server LIMIT & OFFSET

Taylor Otwell
Taylor Otwell

Today we have released security patches via Laravel 6.20.26 and 8.40.0. These patches resolve a security vulnerability that allowed SQL injection when unfiltered user input was passed directly to the limit and offset methods of the Laravel query builder and the user was also using Microsoft SQL Server as their database.

Other database drivers such as MySQL and Postgres do not appear to be affected by this problem at this time.

All Laravel users are encouraged to update immediately, or, if you are unable to update to these versions, ensure that you are only passing integers to the limit and offset methods.

This security vulnerability has been published as a GitHub security advisory:

We offer comprehensive and reliable services of software development company in London You can contact us at: +44 (0)207 1015034

Taylor Otwell
Taylor Otwell

Latest Stories

Here’s what we've been up to recently.

Request a code sample

Certified Quality. Great Prices

We use cookies to improve your experience and to help us understand how you use our site. By using this site, you accept our use of cookies. Cookie Infox