Reflection injections occur in a web application when it retrieves data from a
user or a third-party service and fully or partially uses it to inspect, load
or invoke a component by name.

If an application uses a reflection method in a way that is vulnerable to
injections, it is exposed to attacks that aim to achieve remote code execution
on the server's website.

A user with malicious intent exploits this by carefully crafting a string
involving symbols such as class methods, that will help them change the
initial reflection logic to an impactful malicious one.

After creating the malicious request and triggering it, the attacker can attack
the servers affected by this vulnerability without relying on any
pre-requisites.