MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html
bugs.mysql.com/bug.php?id=17667
rst.void.ru/papers/advisory39.txt
secunia.com/advisories/19034
secunia.com/advisories/19502
secunia.com/advisories/19814
secunia.com/advisories/20241
secunia.com/advisories/20253
secunia.com/advisories/20333
secunia.com/advisories/20625
secunia.com/advisories/30351
securitytracker.com/id?1015693
www.debian.org/security/2006/dsa-1071
www.debian.org/security/2006/dsa-1073
www.debian.org/security/2006/dsa-1079
www.mandriva.com/security/advisories?name=MDKSA-2006:064
www.redhat.com/support/errata/RHSA-2006-0544.html
www.redhat.com/support/errata/RHSA-2007-0083.html
www.redhat.com/support/errata/RHSA-2008-0364.html
www.securityfocus.com/bid/16850
www.ubuntu.com/usn/usn-274-2
www.vupen.com/english/advisories/2006/0752
exchange.xforce.ibmcloud.com/vulnerabilities/24966
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915
usn.ubuntu.com/274-1/