What is code injection?

Code injection is a cyberattack technique where an attacker inserts malicious code into a trusted program or process to make it behave in unintended—and often harmful—ways. The goal is to manipulate or take control of the system, access data, or execute unauthorized actions.

Common types include:

  • SQL injection – Targets databases by inserting malicious SQL commands.
  • Command injection – Injects system commands through insecure inputs.
  • Script injection – Injects JavaScript into webpages; often seen in web apps (like XSS).
  • DLL injection – Loads a malicious dynamic link library into a running process on Windows.

Code injection is dangerous because it exploits weak input validation and can lead to data theft, system compromise, or full remote control.

 
