Definition
SQL injection vulnerability is a way to cause database commands to be executed on a remote server. Such command execution can cause information leakage, provide a vector for vandalism, or enable injection of malicious content that will subsequently be transmitted to a victim.
Overview
Like cross-site scripting vulnerabilities, SQL injection vulnerabilities are a result of improper filtering.
External resources
- MS-ISAC, SQL Injection (Jan. 23, 2013) (full-text full-text).