Injection is sending untrusted data to an application as part of a command or query. Injection tricks the interpreter, the program that directly executes the command or query, into running that data as instructions, in order to break access control or perform an unintended command.
Injection is now the most prevalent vulnerability and almost any source of data can be an injection vector.
The general solutions involve code reviews, white- or black-listing of inputs, command parametrization, using safe APIs, supporting detection with automatic scanning in a Continuous Integration pipeline, and more.
Injection security risk is complex and requires meticulous analysis to mitigate.
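To make the two ideas above concrete, here is an added example (not code from the original text) that puts a string-concatenated SQL query next to its parametrized form, and adds an allow-list for the one case parameters cannot cover, an identifier such as a sort column. The in-memory `users` table, the function names and the tainted input string are all constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data for the example: a tiny in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """Builds the query by string concatenation. The interpreter cannot tell
    where the command ends and the data begins, so data becomes command."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, name):
    """Command parametrization: the SQL text is fixed and the value travels
    separately, so the interpreter always treats it as data."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Allow-list (hypothetical set for this example) of identifiers the query may use.
ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def list_users_sorted(conn, column):
    """Identifiers cannot be bound as parameters, so the column name is checked
    against a fixed allow-list before it is ever placed into SQL text."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column}")
    return [row[0] for row in rows]


def demo():
    """Runs both lookups with the same constructed untrusted input and returns
    the results so the difference in behaviour can be checked."""
    conn = make_db()
    tainted = "' OR '1'='1"  # constructed untrusted input, not a real user name
    return {
        "vulnerable": find_user_vulnerable(conn, tainted),      # every row leaks
        "parameterized": find_user_parameterized(conn, tainted),  # no such user: []
        "sorted_by_role": list_users_sorted(conn, "role"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The concatenated version returns all three rows for an input that matches no user name, because the quote in the data closed the string literal and the rest was executed as part of the command; the parametrized version returns nothing, and the allow-list rejects any sort column outside the fixed set before the interpreter sees it.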