Injection flaws can happen when an attacker can inject and execute a custom command in the backend because of missing sanitization. In this chapter, you've seen SQL Injection and Command Injection but there are more, for example, LDAP, XPath, NoSQL, Object Relational Mapping (ORM) tool, XML Parsers, and SMTP Headers (and the list is increasing over time).