CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine (SSTI)
156 active CVEs are classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-1336 (page 1 of 4)
Columns: CVE ID | severity | CVSS score | EG score | KEV flag where listed | date
- CVE-2018-20465 | HIGH | CVSS 7.2 | EG 7.2 | 2018-12-25
  Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI F…
- CVE-2021-39128 | HIGH | CVSS 7.2 | EG 7.2 | 2021-09-16
  Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in t…
- CVE-2021-4315 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-28
  A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of s…
- CVE-2021-46703 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-06
  In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only a…
- CVE-2022-0323 | HIGH | CVSS 8.8 | EG 8.8 | 2022-01-21
  Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
- CVE-2022-0896 | HIGH | CVSS 8.8 | EG 8.8 | 2022-03-09
  Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
- CVE-2022-0944 | HIGH | CVSS 7.2 | EG 7.2 | 2022-03-15
  Template injection in the connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
- CVE-2022-23851 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-17
  Netaxis API Orchestrator (APIO) before 0.19.3 allows server-side template injection (SSTI).
- CVE-2022-25813 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-02
  In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in the message "Subject" field from the "Contact us" page. Then a party manager needs to list…
- CVE-2022-27662 | MEDIUM | CVSS 4.8 | EG 4.8 | 2022-05-05
  On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to exec…
- CVE-2022-47896 | MEDIUM | CVSS 5.0 | EG 7.8 | 2022-12-22
  In JetBrains IntelliJ IDEA before 2022.3.1, Code Templates were vulnerable to SSTI attacks.
- CVE-2022-48684 | HIGH | CVSS 8.4 | EG 8.4 | 2024-04-27
  An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses Jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with acce…
- CVE-2023-2017 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-17
  Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the…
- CVE-2023-2259 | HIGH | CVSS 7.2 | EG 9.1 | 2023-04-24
  Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
- CVE-2023-27995 | HIGH | CVSS 7.2 | EG 8.8 | 2023-04-11
  An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
- CVE-2023-29297 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-06-15
  Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code executio…
- CVE-2023-34252 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-14
  Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument pass…
- CVE-2023-34253 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-14
  Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily s…
- CVE-2023-34448 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-14
  Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions …
- CVE-2023-41047 | MEDIUM | CVSS 6.2 | EG 6.2 | 2023-10-09
  OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during renderin…
- CVE-2023-46245 | HIGH | CVSS 7.2 | EG 7.2 | 2023-10-31
  Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious u…
- CVE-2023-47542 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-04-09
  An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specia…
- CVE-2023-5764 | HIGH | CVSS 7.1 | EG 7.1 | 2023-12-12
  A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce t…
- CVE-2023-6709 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-12
  Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
- CVE-2023-6743 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-29
  The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible f…
- CVE-2024-12583 | CRITICAL | CVSS 9.9 | EG 9.9 | 2025-01-04
  The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation …
- CVE-2024-23692 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2024-05-31
  Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a…
- CVE-2024-24724 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-04-03
  Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.
- CVE-2024-25624 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-04-25
  Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in `iris-web` is prone to a Server Side Template In…
- CVE-2024-27623 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-03-05
  CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
- CVE-2024-28116 | HIGH | CVSS 8.8 | EG 8.8 | 2024-03-21
  Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbi…
- CVE-2024-30372 | MEDIUM | CVSS 6.3 | EG 8.8 | 2024-11-22
  Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this v…
- CVE-2024-32406 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-26
  Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
- CVE-2024-32407 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-22
  An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.
- CVE-2024-32651 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-04-26
  changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. …
- CVE-2024-34710 | HIGH | CVSS 7.1 | EG 7.1 | 2024-05-20
  Wiki.js is a wiki app built on Node.js. Client-side template injection was discovered that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that cont…
- CVE-2024-35191 | MEDIUM | CVSS 4.4 | EG 4.4 | 2024-05-20
  Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code in fields that support Twig. These might be the Submission Title or the Success Message. This code wi…
- CVE-2024-36694 | HIGH | CVSS 7.2 | EG 8.0 | 2024-12-18
  OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor function.
- CVE-2024-37301 | HIGH | CVSS 7.2 | EG 7.2 | 2024-06-11
  Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, whe…
- CVE-2024-37621 | HIGH | CVSS 7.2 | EG 7.2 | 2024-06-17
  StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.
- CVE-2024-38363 | HIGH | CVSS 8.5 | EG 8.5 | 2024-07-09
  Airbyte is a data integration platform for ELT pipelines. The Airbyte connection builder docker image is vulnerable to RCE via SSTI, which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. T…
- CVE-2024-39766 | HIGH | CVSS 7.0 | EG 7.0 | 2024-11-13
  Improper neutralization of special elements used in an SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-4040 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2024-04-22
  A server-side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authenticatio…
- CVE-2024-41950 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-31
  Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote…
- CVE-2024-42355 | HIGH | CVSS 8.3 | EG 8.3 | 2024-08-08
  Shopware, an open ecommerce platform, has a new Twig tag `sw_silent_feature_call` which silences deprecation messages triggered inside this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string, the feature flag na…
- CVE-2024-42356 | HIGH | CVSS 8.3 | EG 8.3 | 2024-08-08
  Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig template and allows access to the current language and currency information. The context object also allows …
- CVE-2024-45053 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-09-04
  Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Se…
- CVE-2024-46366 | HIGH | CVSS 8.8 | EG 8.8 | 2024-09-27
  A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to pri…
- CVE-2024-48962 | HIGH | CVSS 8.8 | EG 7.5 | 2024-11-18
  Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), and Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 1…
- CVE-2024-54954 | HIGH | CVSS 8.0 | EG 8.0 | 2025-02-10
  OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.