CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
SQL injection is very widespread on the Internet. It is also a very well-documented attack, and it is easy to find tools that automate it, so an attacker does not need to know exactly how it works.
An SQL injection consists of sending arbitrary code in form inputs to modify the normal behavior of the application: the application inserts the input into an SQL query, and the input changes the structure of that query. Attackers use it to bypass authentication, concatenate SQL queries to steal data, erase data from the database, and so on.
| Consequences | Data loss, Security bypass |
| Ease of Detection | Easy |