SQL injection attack
nounid
4218·updated May 9, 2026candidate
An exploit of target software that constructs structure query language (SQL) statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database.
MWE
Classifications
Entity Type
Threat90%rule-basedr:entity.threat.attack.v1
Sensitivity
unclassified
Information Class
unclassified
Variants
- plural
- SQL injection attacks
- possessive
- SQL injection attack's
- pluralpossessive
- SQL injection attacks'
Framework definitions
Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook Infobase, Glossary1 senseview framework →
- §1
- An exploit of target software that constructs structure query language (SQL) statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database.
Outgoing relationships
No outgoing triples
This term is not the subject of any RDF-style relationship yet.
Incoming relationships
No incoming triples
No other term currently asserts a relationship to this one.