Vlad Drumea points out that SQL injection is still a thing:
SQL injection, also refereed to as SQLi, is a security vulnerability that allows attackers to modify the queries that an application makes to its underlying database.
This type of vulnerability can allow attackers to interact with data that they are not normally able to access, including data belonging to other application users.
For at least a decade, injection attacks were either number one or number two on OWASP’s top 10 list. It dropped all the way to number 3 in 2021. We’ll see how it looks with the 2025 OWASP top 10 application security vulnerabilities list, but in the meantime, check out Vlad’s post.