Linux Today: Linux News On Internet Time.

More on LinuxToday

NewsForge: MySQL Addresses SQL Injection Vulnerability

Jun 02, 2006, 15:15 (0 Talkback[s])
(Other stories by Joe Brockmeier)

"MySQL AB has issued updates to its MySQL 4.1 and 5.0 series to address a SQL injection vulnerability. MySQL's action follows the PostgreSQL project's release last week to address the same issues.

"The vulnerability was discovered by the PostgreSQL project and passed to MySQL via the Open Source Database Consortium. The vulnerability lies in the mysql_real_escape_string() function. When unsanitized user-supplied data, such as information taken from a Web form, is stored in a MySQL database, it's possible for a malicious user to supply a malformed multibyte character that would cause MySQL to execute arbitrary code..."

Complete Story

Related Stories: