CAPEC-66: SQL Injection

A Structured Query Language injection is a cybersecurity attack technique or vulnerability where malicious variants of SQL statements are

An SQL injection is an attack which exploits how the requests to the database are formed Instead of submitting a username and password, the attacker can submit

sql An SQL injection attack uses malicious SQL code for backend database manipulation to access private information This information may include sensitive company

sql injection Unauthorized data manipulation: SQL injection can allow an application user to insert, modify, or delete data that he is not authorized to do