SQL injection has been around since databases first appeared on the internet. When a web app allows anyone to pass data straight into database queries without that input being rendered safe through sanitization and filtering, that’s a SQLi vulnerability right there. This kind of bug can be exploited to command the database to do things – such as cough up all of its contents – that the web application should prevent from happening.