Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 6677)
+++ wp-includes/formatting.php	(working copy)
@@ -1164,6 +1164,15 @@
 	$safe_text = wp_specialchars($text, true);
 	return apply_filters('attribute_escape', $safe_text, $text);
 }
+/**
+ * Escapes text for SQL LIKE special characters % and _
+ *
+ * @param string text the text to be escaped
+ * @return string text, safe for inclusion in LIKE query
+ */
+function like_escape($text) {
+	return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+}
 
 function wp_make_link_relative( $link ) {
 	return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
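Review bot: like_escape() leaves the backslash unescaped even though it is the escape character the function itself introduces, so input that already contains `\` becomes ambiguous: `\%` turns into `\\%`, which a LIKE pattern (with the default backslash escape character) reads as a literal backslash followed by a live wildcard. Escaping the backslash together with the wildcards closes this, e.g. `return addcslashes($text, '_%\\');`. The docblock's "safe for inclusion in LIKE query" also overstates the result, because quotes are left untouched; I would word it as `@return string text with LIKE wildcards escaped; must still be SQL-escaped before use in a query`. The `@param` tag is also missing the `$` on the variable name (`@param string $text`).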
Index: wp-admin/includes/template.php
===================================================================
--- wp-admin/includes/template.php	(revision 6677)
+++ wp-admin/includes/template.php	(working copy)
@@ -268,8 +268,9 @@
 
 	$args = array('offset' => $start, 'number' => $pagesize, 'hide_empty' => 0);
  
-	if ( !empty( $searchterms ) )
-		$args['name__like'] = '%' . $searchterms;
+	if ( !empty( $searchterms ) ) {
+		$args['name__like'] = '%' . like_escape( $searchterms );
+	}
 
 	$tags = get_terms( 'post_tag', $args );
 	
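Review bot: The value assigned to `$args['name__like']` has only its LIKE wildcards neutralised, so quotes in `$searchterms` still depend on get_terms() SQL-escaping that argument when it builds the query, which is not visible in this hunk. I would confirm that and record it at the call site with a comment such as `// like_escape() covers % and _ only; get_terms() is expected to SQL-escape name__like`. The enclosing function begins and ends outside the hunk, so the origin of `$searchterms` and any slashing already applied to it cannot be checked from here.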

