Name of the Vulnerable Software and Affected Versions Laravel versions prior to 6.20.26 Laravel versions prior to 7.30.5 Laravel versions prior to 8.40.0

Description The issue affects users of SQL Server with Laravel who allow user input to be passed directly to the limit and offset functions, making them vulnerable to SQL injection. Other database drivers like MySQL and Postgres are not affected.

Recommendations For versions prior to 6.20.26, update to version 6.20.26 or later. For versions prior to 7.30.5, update to version 7.30.5 or later. For versions prior to 8.40.0, update to version 8.40.0 or later. As a temporary workaround, ensure that only integers are passed to the limit and offset functions, as well as the skip and take functions.