A great read for anyone running a web based application. This goes to show how important it is to validate user imput before executing it.

"SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

See: SQL Injection Attacks by Example