Georgian security researcher Ucha Gobejishvili identified the flaw

Aug 13, 2012 09:51 GMT

Last week, Georgian security researcher Ucha Gobejishvili identified a security hole that affected the MySQL website. He reported his findings to MySQL and the SQL Injection vulnerability was addressed in a fairly short amount of time.

“I sent them this vulnerability and they fixed it. I have published a picture where you can see the vulnerability,” Gobejishvili told Softpedia in an email.

“This vulnerability affected http://lists.mysql.com/bugs. The impact of this vulnerability: an attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of the database and expose sensitive information,” he added.

SQL Injection vulnerabilities are highly common these days and, as it turns out, they can affect even high-profile websites.

This type of flaw allows cybercriminals to alter backend SQL statements by manipulating user-supplied input. Veracode Senior Security Researcher Ryan O'Boyle has recently released a great video to explain such bugs and ways to patch them.