An SQL injection attack is a malicious exploit where an attacker injects unauthorized SQL code into input fields of a web application, aiming to manipulate the application’s database. By manipulating input parameters, attackers can trick the application into executing unintended SQL commands.
Source: Veracode