Injection happens when untrusted data is send to an interpreter as a part of
command or query. By executing the command attacker can access data without proper authorization.
There are many types of injection like: SQL, OS, LDAP, XPath, XML and HTML.
Mitigation: Input validation, data sanitization, always use parameterized query instead of dynamic query, always set least privilege, proper error handing (Not disclose sensitive information).