What are injection attacks?

In an injection attack, the attacker causes the application to treat user-supplied data as if it were an instruction to perform some kind of action.
That is, they enter malicious content in a field, submit it in a query, or even upload it in a file, and this content then causes the application to perform an action of their choice.