Which OWASP Top 10 vulnerability occurs when an attacker inserts malicious SQL code into an input field that is directly passed to a database query?