MySQL 5.0.x < 5.0.93 and 5.1.x < 5.1.50 - SQL Injection via Executable Comment Feature
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.