I wonder how many web sites will get effected because of this issue. Stefan Esser has a great write up here and the wordpress exploit here.
the following may help you understand this issue better:-
mysql> create table users (username varchar(10), password varchar(20));
Query OK, 0 rows affected (0.12 sec)
mysql> insert into users values('admin','Passw0rd');
Query OK, 1 row affected (0.02 sec)
mysql> select * from users where username ='admin';
+----------+----------+
| username | password |
+----------+----------+
| admin | Passw0rd |
+----------+----------+
1 row in set (0.01 sec)
mysql> insert into users values('admin a','Passw0rd');
Query OK, 1 row affected, 1 warning (0.00 sec)
mysql> select * from users where username ='admin';
+------------+----------+
| username | password |
+------------+----------+
| admin | Passw0rd |
| admin | Passw0rd |
+------------+----------+
2 rows in set (0.00 sec)