SQL injection

Although a common problem with web applications, this vulnerability can affect any application that communicates with a database management system via Structured Query Language.

A SQL injection occurs when the application fails to properly sanitize user-supplied input used in SQL queries. This lets an attacker manipulate the SQL statement that is passed to the back-end database management system. The manipulated statement runs with the same permissions as the application that executed the query.