Bug #119470 sql injection
Submitted: 27 Nov 14:30 Modified: 28 Nov 13:05
Reporter: Alex Zimnitski Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S1 (Critical)
Version:8.0.44+ OS:Any
Assigned to: CPU Architecture:Any
Tags: sql injection

[27 Nov 14:30] Alex Zimnitski 
Description:
SQL injection detected

How to repeat:
from console:
mysq>
SELECT
  *
FROM information_schema.TABLES t
WHERE t.TABLE_NAME IN (
'test',
--+ 'test_table'
);
[27 Nov 14:38] Alex Zimnitski 
select * from mysql.user WHERE User = '' --+ '';
[28 Nov 13:05] Roy Lyseng 
Verified as described, as an invalid SQL expressions evaluation.