SQL injection is a type of cyber attack that exploits a vulnerability in the way a website or application interacts with a database. It allows an attacker to insert malicious code into a SQL statement, which is then executed by the database. This can give the attacker access to sensitive information, such as passwords, personal data, and even financial information.