Summary

{Product} detected that this page is vulnerable to Server-Side Template Injection (SSTI) attacks.

Template engine systems can be placed at the View part of MVC based applications and are used to present dynamic data. Template systems have so called expressions.

SSTI occurs when user-supplied data is embedded inside a template and is evaluated as an expression by the template engine.

This is an important issue and should be addressed as soon as possible.

Impact

An attacker can inject data that can be evaluated as template engine expressions. This may trick a system to execute an arbitrary system command.

Remediation

Do not trust the data that users supply and don't add it to directly into the template. Instead, pass user controlled parameters to the template as template parameters.

Classifications
PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 , CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

;
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO