SQL Injection takes advantage of flawed design in web applications that are backed by a SQL database. In a SQL Injection attack, malicious scripts or users form SQL queries calculated to cause the database to disclose confidential information such as passwords, credit card numbers, or technical information about the underlying implementation of the web application.
SQL Injection is one of the OWASP Top Ten web application vulnerabilities.
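
The design flaw described above, shown next to its corrected form. This is an added example, not code from the original page; the `users` table, the function names and all sample values are constructed for illustration, and SQLite stands in for whatever database backs the application.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret"),
         ("o'brien", "obrien-secret")],
    )
    return db

def lookup_vulnerable(db, name):
    # Flawed design: the input is pasted into the SQL text, so the
    # database cannot tell the user's data apart from query syntax.
    query = "SELECT name, password FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Corrected design: the query text is fixed and the input is bound
    # as a value, so it is only ever compared against the name column.
    query = "SELECT name, password FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(db, name):
    """Run both lookups on one input and report row counts or errors."""
    results = {}
    for label, fn in (("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        try:
            results[label] = len(fn(db, name))
        except sqlite3.OperationalError:
            # The input broke the statement's syntax.
            results[label] = "syntax error"
    return results

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a
    # quote, and a value whose quote and OR clause rewrite the WHERE.
    for name in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(name), compare(db, name))
```

With the concatenated query, the third input matches every row and discloses all stored passwords, and the legitimate name `o'brien` fails outright; the parameterized query returns zero rows and one row respectively.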