MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
Users are advised to install the available patch from
If another resolution is not feasible, users are advised to modify their
SELECT statements to filter out the characters < and &:
SELECT REPLACE(REPLACE(...,'&','&'),'<','<') AS ...;
This workaround is incompatible with the described resolution and should
be reversed after installation of the patch.
2007-04-17 Opened bug on mysql.com
2008-05-01 Patch available
The bug is filed on http://bugs.mysql.com/bug.php?id=27884.
This advisory is available from