SQL injection is a type of cyber attack where an attacker exploits vulnerabilities in an application's software by inserting malicious SQL code into input fields to manipulate the database. This can result in unauthorized access to sensitive data, data corruption, or even complete control over the database server.