What is SQL injection? The SQL injection vulnerability allows malicious hackers to inject arbitrary code in SQL queries, thus being able to directly retrieve and alter data stored in a website’s database.