Any application that allows the user to type in data is vulnerable. Only if the application allowed users to click buttons or make pre-set selections would this not be a problem.

Even entering a name in a field, I could enter Jones';shutdown and stop the server if you were vulnerable to Injection.