SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.