What is SQL Injection?

SQL Injection is a type of security vulnerability in web applications. In this attack, an attacker sends malicious SQL code to access or manipulate the web application's database. It is usually accomplished by interfering with the queries the web application sends to its database.

SQL Injection attacks are carried out by inserting unexpected SQL commands into the data input fields of web applications (e.g. form fields or URL parameters). If the application does not filter or sanitize these inputs correctly, the malicious SQL code sent by the attacker can be executed by the database. This can lead to serious security issues such as theft, modification or deletion of data stored in the database.