3. Code Injection
Websites that lack input validation are exposed to code injection. This happens when code is injected into a program or application with the aim of changing its course of execution. Such attacks can be fatal for a website: they can destroy it entirely or steal valuable user information.
An injection flaw occurs when an application sends unverified data to the receiver. These flaws are often found in SQL, XPath, LDAP or NoSQL queries, XML parsers, OS commands, SMTP headers, program arguments, etc. You can find them with scanners and fuzzers.