What vulnerability is characterized by injecting malicious SQL queries into an application?

Prepare for the CertMaster CE Security+ Domain 4.0 Security Operations Exam with multiple choice questions, hints, and explanations to boost your readiness for the test.

SQL Injection is a security vulnerability that occurs when an attacker can manipulate a web application's database query by injecting malicious SQL code. It typically arises when user input is not properly validated or sanitized and is concatenated directly into the SQL statements the application executes.

When an application fails to validate and sanitize user input, an attacker can supply arbitrary SQL fragments that the database server then executes as part of the intended query. For instance, the injected SQL might not only retrieve data but also alter or delete records, giving the attacker unauthorized access to sensitive information or compromising the integrity of the database.

This vulnerability underscores the importance of parameterized queries (prepared statements), which keep user-supplied values separate from the query structure, combined with proper input validation, as the defense against such attacks. In contrast, other vulnerabilities such as Cross-Site Scripting (XSS), Buffer Overflow, and Directory Traversal each exploit different weaknesses in applications; SQL Injection specifically targets and manipulates SQL databases.
