Which attack exploits vulnerabilities in a web application to execute unauthorized commands?

Study for the EC-Council Digital Forensics Essentials (DFE) Test. Enhance your skills with multiple choice questions, each with detailed hints and explanations. Get ready to ace your exam!

The attack that exploits vulnerabilities in a web application to execute unauthorized commands is the SQL-Injection Attack. SQL injection occurs when an attacker manipulates a web application's database queries by injecting malicious SQL code through input fields that are not properly sanitized. This allows the attacker to retrieve, modify, or delete data, and even execute administrative operations on the database.

The attack leverages flaws in the application's code and can lead to significant data breaches or loss of integrity in the database's information. Effective defenses against SQL Injection typically involve using prepared statements or parameterized queries, validating user inputs, and employing web application firewalls to detect and block such attempts.

Understanding SQL injection is crucial for anyone involved in cybersecurity, as it highlights the importance of robust coding practices and the need for regular security testing of web applications.
