Explanation:
SQL Injection (SQLi) is a web security vulnerability that allows attackers to interfere with the queries a web application makes to its database.
By injecting malicious SQL code into input fields, attackers can gain unauthorized access to database information, such as user credentials, financial data, and sensitive company records.
SQL injection attacks often occur when input fields lack proper validation and are not protected by parameterized queries or prepared statements.
Additional Information:
There are different types of SQL injection attacks, including blind SQLi, error-based SQLi, and union-based SQLi. They can result in data leaks, data modification, or even administrative access to the system.
To mitigate SQL injection vulnerabilities, developers must use parameterized queries, input validation, and database security controls. Web Application Firewalls (WAFs) also help block SQL injection attempts.
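The following is an added example (not from the original page) contrasting the unsafe string-built query described above with the parameterized form; it uses Python's built-in sqlite3 module and a constructed in-memory users table.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration (not from the page)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "secret-a"), ("bob", "secret-b")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The input is spliced into the SQL text, so a quote character in it
    # ends the string literal and the rest is parsed as SQL
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, username):
    # The value is bound separately by the driver; it is only ever compared
    # as data and is never parsed as part of the statement
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


if __name__ == "__main__":
    db = make_db()
    # A value containing a quote: harmless as data, but it changes the
    # meaning of the concatenated query and matches every row
    probe = "' OR '1'='1"
    print("concatenated :", lookup_vulnerable(db, probe))
    print("parameterized:", lookup_parameterized(db, probe))
```

The same input returns every user from the concatenated query and nothing from the parameterized one, which is the behaviour a code review or unit test should check for.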
Formal Definition:
SQL Injection (SQLi) is a security vulnerability in web applications where attackers execute arbitrary SQL commands to manipulate databases and gain unauthorized access to sensitive data.