Barracuda Networks was recently the victim of a SQL injection attack, as noted on their blog. Today they posted a follow-up with some details of how the attack occurred. And while this was a PHP site, the risk and lessons are just as important for anyone using languages that allow for dynamic SQL creation, including ColdFusion.
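What dynamic SQL creation looks like in ColdFusion, next to the bound-parameter form, as an added example (not code from Barracuda's site or from this post). The datasource `appDSN`, the `products` table and the `url.*` parameter names are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "products",
      request parameters url.categoryId, url.ids, url.q, url.sort. --->

<!--- BEFORE: request values are spliced into the SQL text, so the database
      parses them as SQL. ColdFusion's automatic single-quote escaping inside
      cfquery does not help in the unquoted positions (numeric comparison,
      IN list, ORDER BY). --->
<cfquery name="qBefore" datasource="appDSN">
    SELECT id, name, price
    FROM products
    WHERE category_id = #url.categoryId#
      AND id IN (#url.ids#)
      AND name LIKE '%#url.q#%'
    ORDER BY #url.sort#
</cfquery>

<!--- AFTER: validate the inputs, bind every value, and pick the sort column
      from an allowlist, because identifiers cannot be bound as parameters. --->
<cfparam name="url.categoryId" type="integer" default="0">
<cfparam name="url.ids" type="string" default="0">
<cfparam name="url.q" type="string" default="">
<cfparam name="url.sort" type="string" default="name">

<cfset allowedSort = "name,price,id">
<cfset sortColumn = listFindNoCase(allowedSort, url.sort) ? lCase(url.sort) : "name">

<cfquery name="qAfter" datasource="appDSN">
    SELECT id, name, price
    FROM products
    WHERE category_id = <cfqueryparam value="#url.categoryId#" cfsqltype="cf_sql_integer">
      AND id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
      AND name LIKE <cfqueryparam value="%#url.q#%" cfsqltype="cf_sql_varchar">
    ORDER BY #sortColumn#
</cfquery>
```

With `cfsqltype="cf_sql_integer"`, a non-numeric value raises an error before the statement reaches the database, so a failed bind is also a useful signal to log.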
SQL Injection Reminder
1 Comment
Barracuda Networks should use cfqueryparam =P