SQL Injection (SQLi) is a vulnerability in which an attacker manipulates SQL queries by injecting malicious input, allowing unauthorized interaction with the database.

Possible impact:
- Reading sensitive data from the database (users, passwords, private information)
- Authentication bypass (login bypass)
- Database modification or deletion
- Remote Code Execution in some cases (depending on DB configuration and privileges)