
Josh Berkus

#35846 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2006-3673
7.5
2006-06-01
Oracle · Mysql Server · CVE-2006-2753
**Name of the Vulnerable Software and Affected Versions**

MySQL versions 4.1.x through 4.1.19
MySQL versions 5.0.x through 5.0.21

**Description**

A SQL injection issue allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK. The issue arises because these character sets are not properly handled when the `mysql_real_escape_string()` function is used to escape the input.

**Recommendations**

For MySQL versions 4.1.x through 4.1.19, update to version 4.1.20 or later.
For MySQL versions 5.0.x through 5.0.21, update to version 5.0.22 or later.