GHSA-wq8p-mqvg-2p5h: laravel framework SQL Injection via limit and offset functions

May 15, 2024

Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability.

References

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2021-04-28.yaml
github.com/advisories/GHSA-wq8p-mqvg-2p5h
github.com/laravel/framework
github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j

Code Behaviors & Features

Detect and mitigate GHSA-wq8p-mqvg-2p5h with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →