Is it possible to perform a SQL Injection on a application that uses Entity Framework?

Heed this:

It is quite easily possible if the developer uses EF as a wrapper around ADO.NET and uses FromSQL. Of course, this is not the intended nor normal use of EF, but I have seen it – Camilo Terevinto

REF: Raw SQL Queries

Additionally, while not really "sql injection", since one of the goals of such is to somewhat alter your data by altering your raw sql to produce some unintended result, you should also be aware of ASP.NET - Overposting/Mass Assignment Model Binding Security

Sample taken straight from link:

You model/class:

public class Person
{
    public int ID { get; set; }
    public string First { get; set; }
    public string Last { get; set; }
    public bool IsAdmin { get; set; }
}

Somewhere in your Controller:

[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(Person person)
{
    if (ModelState.IsValid)
    {
        _context.Add(person);
        await _context.SaveChangesAsync();
        return RedirectToAction("Index");
    }
    return View(person);
}

If a theoretical EvilUser found out that Person had an "IsAdmin" property, they could "overpost" and add a field to the HTTP POST and set IsAdmin=true. There's nothing in the code here to prevent that.

So "evil user" doesn't even need to figure out sql injection to do some unintended result. Read up on the article on ways to prevent it (e.g. BindAttribute, View Models).

Hth.