Injection attacks insert malicious code into interpreters — SQL injection, LDAP injection, OS command injection, XPATH injection, NoSQL injection.
Injection is consistently #1 or #2 in OWASP Top 10. Root cause: user input concatenated directly into commands/queries. Fix: parameterized queries/prepared statements, input validation, principle of least privilege for application accounts.