[pkg-php-pear] Bug#987831: php-illuminate-database: Security issue: SQL injection with Microsoft SQL Server

Robin Gustafsson robin at rgson.se
Fri Apr 30 15:07:32 BST 2021

Package: php-illuminate-database
Version: 6.20.14+dfsg-1
Severity: important
Tags: security

Upstream has published a security advisory [1,2] regarding an SQL
injection vulnerability when used with Microsoft SQL Server.

The vulnerability was fixed upstream in version 6.20.26 and 8.40.0.

[1] https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset
[2] https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j

More information about the pkg-php-pear mailing list