An attacker is able to perform an SQL injection via a specially crafted input.