Security: SQL Injection in SQL Server "LIMIT" / &quot

Source: blog.laravel.com

Security: SQL Injection in SQL Server "LIMIT" / &quot

Category: Laravel, MySQL

Today we have released security patches via Laravel 6.20.26 and 8.40.0. These patches resolve a security vulnerability that allowed SQL injection when unfiltered user input was passed directly to the limit and offset methods of the Laravel query builder and the user was also using Microsoft SQL Server as their database. Other database drivers such as MySQL and Postgres do not appear to be affected by this problem at this time. All Laravel users are encouraged to update immediately, or, if you are unable to update to these versions, ensure that you are only passing integers to the limit and offset methods. This security vulnerability has been published as a GitHub security advisory: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j
Read Full Article On blog.laravel.com
Shirts painstakingly handcrafted by under-caffeinated developers.
Newsletter

Get the latest Laravel/PHP jobs, events and curated articles straight to your inbox, once a week

Glimpse streamlines Laravel development by seamlessly deploying GitHub pull requests to preview environments with the help of Laravel Forge.

Glimpse

Glimpse streamlines Laravel development by seamlessly deploying GitHub pull requests to preview environments with the help of Laravel Forge.
Fathom Analytics | Fast, simple and privacy-focused website analytics.

Fathom Analytics

Fathom Analytics | Fast, simple and privacy-focused website analytics.
Shirts painstakingly handcrafted by under-caffeinated developers.

Syntax Error

Shirts painstakingly handcrafted by under-caffeinated developers.
Community Partners
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

Digital Ocean

Koho

Become a Partner?
Laravel/PHP Careers
    • Add a Job?