Code Injection Beyond SQL
November 23, 2006
Code Injection Beyond SQL: "XML and LDAP could be as prone to a malicious injection of code as a SQL database on the backend of a web application. Command execution on a poorly secured application could happen as well."
source
source