A security vulnerability in which untrusted input is incorporated directly into the text of a SQL query without proper sanitization, allowing an attacker to alter the query's structure and execute arbitrary SQL commands. Prevented by using parameterized queries (prepared statements), which pass user input as data rather than as part of the query text. (Ch. 27)