SQL Injection (SQLi)
Category: science
A code injection vulnerability occurring when malicious SQL statements are inserted into web application input forms.
SQLi happens when user input is concatenated directly into database query text instead of being passed through parameterized queries (bound parameters). A threat actor can manipulate the form field text so that the database executes attacker-controlled instructions, exposing or deleting entire internal tables.
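The contrast described above, shown as an added example (not code from the original entry): a search function that concatenates the input into the SQL text beside the same search using a bound parameter. The in-memory SQLite table and its rows are constructed here for illustration; the `users` table, its columns and the function names are assumptions for this example. ORMs reduce risk mainly because they bind parameters by default, but their raw-query escape hatches need the same discipline as the parameterized version below.

```python
import sqlite3


def make_db():
    """Build a small constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Unparameterized search: the input becomes part of the SQL grammar.

    Deliberately vulnerable to show the failure mode; a value such as
    ' OR '1'='1 turns the WHERE clause into an always-true condition and
    the query returns every row instead of one.
    """
    sql = "SELECT name FROM users WHERE name = '" + term + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    """Parameterized search: the input is bound as a value, never parsed as SQL.

    The same tampered string is compared literally against the name column,
    so it matches nothing and the query shape cannot be changed by the caller.
    """
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    tampered = "' OR '1'='1"
    print("vulnerable, normal input:   ", search_vulnerable(db, "alice"))
    print("vulnerable, tampered input: ", search_vulnerable(db, tampered))
    print("parameterized, normal input:", search_parameterized(db, "alice"))
    print("parameterized, tampered:    ", search_parameterized(db, tampered))
```

Running the script shows the concatenated version returning all three names for the tampered input while the parameterized version returns an empty list; the fix is purely in how the value reaches the driver, not in filtering the input.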
Common Examples
- The software audit identified an unparameterized search input that left the legacy directory vulnerable to SQL injection.
- Using modern ORM engines completely mitigates SQLi risks by forcing all database calls to pass through parameterized safe variables.