
NewsForge: MySQL Addresses SQL Injection Vulnerability

“MySQL AB has issued updates to its MySQL 4.1 and 5.0 series to
address a SQL injection vulnerability. MySQL’s action follows the
PostgreSQL project’s release last week to address the same
issues.

“The vulnerability was discovered by the PostgreSQL project and
passed to MySQL via the Open Source Database Consortium. The
vulnerability lies in the mysql_real_escape_string() function. When
unsanitized user-supplied data, such as information taken from a
Web form, is stored in a MySQL database, it’s possible for a
malicious user to supply a malformed multibyte character that would
cause MySQL to execute arbitrary code…”
