MySQL AB has issued updates to its MySQL 4.1 and 5.0 series to address a SQL injection vulnerability. MySQL´s action follows the PostgreSQL project´s release last week to address the same issues.
The vulnerability was discovered by the PostgreSQL project and passed to MySQL via the Open Source Database Consortium. The vulnerability lies in the mysql_real_escape_string() function. When unsanitized user-supplied data, such as information taken from a Web form, is stored in a MySQL database, it´s possible for a malicious user to supply a malformed multibyte character that would cause MySQL to execute arbitrary code.Read Full Story