CWE-1336
AllowedImproper Neutralization of Special Elements Used in a Template Engine
Abstraction: Base · Status: Incomplete
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
313 vulnerabilities reference this CWE, most recent first.
GHSA-3JGV-PFQJ-V626
Vulnerability from github – Published: 2024-04-26 06:30 – Updated: 2024-07-03 18:36Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
{
"affected": [],
"aliases": [
"CVE-2024-32406"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T04:15:09Z",
"severity": "HIGH"
},
"details": "Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.",
"id": "GHSA-3jgv-pfqj-v626",
"modified": "2024-07-03T18:36:57Z",
"published": "2024-04-26T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32406"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46VF-C8GJ-2PGQ
Vulnerability from github – Published: 2024-04-22 21:31 – Updated: 2025-10-22 00:33VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
{
"affected": [],
"aliases": [
"CVE-2024-4040"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-20",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-22T20:15:07Z",
"severity": "HIGH"
},
"details": "VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.",
"id": "GHSA-46vf-c8gj-2pgq",
"modified": "2025-10-22T00:33:00Z",
"published": "2024-04-22T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4040"
},
{
"type": "WEB",
"url": "https://github.com/airbus-cert/CVE-2024-4040"
},
{
"type": "WEB",
"url": "https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4040"
},
{
"type": "WEB",
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"type": "WEB",
"url": "https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update"
},
{
"type": "WEB",
"url": "https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise"
},
{
"type": "WEB",
"url": "https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual"
},
{
"type": "WEB",
"url": "https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4J89-2C4F-44C6
Vulnerability from github – Published: 2026-06-22 23:58 – Updated: 2026-06-22 23:58Summary
Special template of issue index pattern may cause panic.
Details
in internal/markup/markup.go
link = fmt.Sprintf(`<a href="%s">%s</a>`, com.Expand(metas["format"], metas), m)
Issue index pattern is rendered to link with com.Expand.
However, com.Expand is not safe.
i = strings.Index(template, "}")
if s, ok := match[template[:i]]; ok {
when { is found but } not found, i comes to 1, template[:-1] will be called, and then panicked

finally, all pages than contains issue index are unavailable.
PoC
- set issue index pattern as follow

- add a commit which point to an issue in its msg

using #1 above
Impact
DoS that cause part of pages of the specify repo unavailable.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.14.2"
},
"package": {
"ecosystem": "Go",
"name": "gogs.io/gogs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-52796"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-22T23:58:17Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\nSpecial template of issue index pattern may cause panic.\n\n### Details\n\nin internal/markup/markup.go\n\n```go\nlink = fmt.Sprintf(`\u003ca href=\"%s\"\u003e%s\u003c/a\u003e`, com.Expand(metas[\"format\"], metas), m)\n```\n\nIssue index pattern is rendered to link with `com.Expand`.\n\nHowever, `com.Expand` is not safe.\n\n```go\ni = strings.Index(template, \"}\")\nif s, ok := match[template[:i]]; ok {\n```\n\nwhen `{` is found but `}` not found, i comes to 1, template[:-1] will be called, and then panicked\n\n\n\nfinally, all pages than contains issue index are unavailable.\n\n### PoC\n\n1. set issue index pattern as follow\n\n\n\n2. add a commit which point to an issue in its msg\n\n\n\nusing `#1` above\n\n### Impact\n\nDoS that cause part of pages of the specify repo unavailable.",
"id": "GHSA-4j89-2c4f-44c6",
"modified": "2026-06-22T23:58:17Z",
"published": "2026-06-22T23:58:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/pull/8312"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/0529d95fc39f2b6d2997b19a2a12e24522684722"
},
{
"type": "PACKAGE",
"url": "https://github.com/gogs/gogs"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Gogs has DoS in rendering issue index pattern"
}
GHSA-4PJC-PWGQ-Q9JP
Vulnerability from github – Published: 2024-12-11 18:44 – Updated: 2024-12-12 19:20Summary
Siyuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables
Impact
Information leakage
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.0-20241210012039-5129ad926a21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55660"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-11T18:44:47Z",
"nvd_published_at": "2024-12-12T02:15:32Z",
"severity": "MODERATE"
},
"details": "### Summary\nSiyuan\u0027s /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables\n\n### Impact\n\nInformation leakage",
"id": "GHSA-4pjc-pwgq-q9jp",
"modified": "2024-12-12T19:20:33Z",
"published": "2024-12-11T18:44:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4pjc-pwgq-q9jp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55660"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SiYuan has an SSTI via /api/template/renderSprig"
}
GHSA-4PQH-3F6P-63C5
Vulnerability from github – Published: 2026-06-02 12:31 – Updated: 2026-06-02 12:31Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell.
This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545
{
"affected": [],
"aliases": [
"CVE-2026-34906"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T10:16:22Z",
"severity": "CRITICAL"
},
"details": "Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell.\n\nThis issue affects Wirtualna Uczelnia versions up to\u00a0wu#2016.437.295#0#20260327_105545",
"id": "GHSA-4pqh-3f6p-63c5",
"modified": "2026-06-02T12:31:25Z",
"published": "2026-06-02T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34906"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2026/06/CVE-2026-34906"
},
{
"type": "WEB",
"url": "https://simple.com.pl/branze/edukacyjna"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4R7V-WHPG-8RX3
Vulnerability from github – Published: 2024-10-15 18:05 – Updated: 2025-08-06 17:55Summary
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.
Details
changedetection.io version: 0.45.20
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
dgtlmoon/changedetection.io latest 53529c2e69f1 44 hours ago 423MB
The vulnerability is caused by the usage of vulnerable functions of Jinja2 template engine.
from jinja2 import Environment, BaseLoader
...
# Get the notification body from datastore
jinja2_env = Environment(loader=BaseLoader)
n_body = jinja2_env.from_string(n_object.get('notification_body', '')).render(**notification_parameters)
n_title = jinja2_env.from_string(n_object.get('notification_title', '')).render(**notification_parameters)
PoC
- Create/Edit a URL watch item
- Under Notifications tab insert this payload:
{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}
- See Telegram (or other supported messaging app) notification
Impact
In the PoC I've used id as payload and Telegram to read the result.
Attackers can run any system command without any restriction and they don't need to read the result in the notification app (e.g. they could use a reverse shell).
The impact is critical as the attacker can completely takeover the server host.
This can be reduced if changedetection access is protected by login page with a password, but this isn't required by the application (not by default and not enforced).
References
- https://www.hacktivesecurity.com/blog/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io/
- https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-ssti
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/
- https://docs.cobalt.io/bestpractices/prevent-ssti/
Credits
Edoardo Ottavianelli
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.45.20"
},
"package": {
"ecosystem": "PyPI",
"name": "changedetection.io"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.45.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-32651"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-15T18:05:15Z",
"nvd_published_at": "2024-04-26T00:15:08Z",
"severity": "CRITICAL"
},
"details": "### Summary\nA Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n\n### Details\n\nchangedetection.io version: 0.45.20\n```\ndocker images\nREPOSITORY TAG IMAGE ID CREATED SIZE\ndgtlmoon/changedetection.io latest 53529c2e69f1 44 hours ago 423MB\n```\n\nThe vulnerability is caused by the usage of vulnerable functions of Jinja2 template engine.\n```python\nfrom jinja2 import Environment, BaseLoader\n...\n # Get the notification body from datastore\n jinja2_env = Environment(loader=BaseLoader)\n n_body = jinja2_env.from_string(n_object.get(\u0027notification_body\u0027, \u0027\u0027)).render(**notification_parameters)\n n_title = jinja2_env.from_string(n_object.get(\u0027notification_title\u0027, \u0027\u0027)).render(**notification_parameters)\n```\n\n\n### PoC\n1. Create/Edit a URL watch item\n2. Under *Notifications* tab insert this payload: \n```python\n{{ self.__init__.__globals__.__builtins__.__import__(\u0027os\u0027).popen(\u0027id\u0027).read() }}\n```\n\n\n3. See Telegram (or other supported messaging app) notification\n\n\n\n\n### Impact\nIn the PoC I\u0027ve used `id` as payload and Telegram to read the result. \nAttackers can run any system command without any restriction and they don\u0027t need to read the result in the notification app (e.g. they could use a reverse shell).\nThe impact is critical as the attacker can completely takeover the server host.\nThis can be reduced if changedetection access is protected by login page with a password, but this isn\u0027t required by the application (not by default and not enforced).\n\n### References\n- https://www.hacktivesecurity.com/blog/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io/\n- https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-ssti\n- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/\n- https://docs.cobalt.io/bestpractices/prevent-ssti/\n\n### Credits\n\nEdoardo Ottavianelli",
"id": "GHSA-4r7v-whpg-8rx3",
"modified": "2025-08-06T17:55:27Z",
"published": "2024-10-15T18:05:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32651"
},
{
"type": "WEB",
"url": "https://blog.hacktivesecurity.com/index.php/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io"
},
{
"type": "PACKAGE",
"url": "https://github.com/dgtlmoon/changedetection.io"
},
{
"type": "WEB",
"url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21"
},
{
"type": "WEB",
"url": "https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution"
}
GHSA-4RMR-C2JX-VX27
Vulnerability from github – Published: 2022-01-27 14:51 – Updated: 2022-08-11 17:05In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables is true when section value is controllable.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mustache/mustache"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0323"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-24T23:01:39Z",
"nvd_published_at": "2022-01-21T18:15:00Z",
"severity": "HIGH"
},
"details": "In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables is true when section value is controllable.\n\n",
"id": "GHSA-4rmr-c2jx-vx27",
"modified": "2022-08-11T17:05:16Z",
"published": "2022-01-27T14:51:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0323"
},
{
"type": "WEB",
"url": "https://github.com/bobthecow/mustache.php/commit/579ffa5c96e1d292c060b3dd62811ff01ad8c24e"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mustache/mustache/CVE-2022-0323.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/bobthecow/mustache.php"
},
{
"type": "WEB",
"url": "https://github.com/bobthecow/mustache.php/releases/tag/v2.14.1"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mustache remote code injection vulnerability"
}
GHSA-4W64-J7CG-53XC
Vulnerability from github – Published: 2023-04-24 21:30 – Updated: 2023-04-24 21:30Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
{
"affected": [],
"aliases": [
"CVE-2023-2259"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-24T21:15:09Z",
"severity": "CRITICAL"
},
"details": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.",
"id": "GHSA-4w64-j7cg-53xc",
"modified": "2023-04-24T21:30:30Z",
"published": "2023-04-24T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2259"
},
{
"type": "WEB",
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-527Q-4WQV-G9WJ
Vulnerability from github – Published: 2025-10-16 20:28 – Updated: 2025-10-16 21:54Summary
Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions that are evaluated by the backend — potentially leading to Remote Code Execution (RCE) on the server.
Details
In Bagisto, product descriptions are rendered through Laravel’s Blade templating engine in various front-end and admin views. The product description field is not sanitized or escaped before being passed to the view, which means user-supplied data can break out of the expected string context and execute arbitrary template code.
PoC
Create a product and enter the payload to the description.
Preview the page, observed that the template expressions were evaluated by the backend and displayed on the screen.
Impact
RCE potential: Attackers can execute arbitrary PHP code or system commands. Data breach: Read sensitive environment variables (.env), API keys, or database credentials. Defacement / persistence: Inject malicious scripts or backdoors in dynamic templates. Privilege escalation: If attackers have limited roles (e.g., product manager), they can compromise the entire application or host.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.7"
},
"package": {
"ecosystem": "Packagist",
"name": "bagisto/bagisto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62416"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-16T20:28:35Z",
"nvd_published_at": "2025-10-16T19:15:34Z",
"severity": "MODERATE"
},
"details": "### Summary\nBagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions that are evaluated by the backend \u2014 potentially leading to Remote Code Execution (RCE) on the server.\n\n### Details\nIn Bagisto, product descriptions are rendered through Laravel\u2019s Blade templating engine in various front-end and admin views. The product description field is not sanitized or escaped before being passed to the view, which means user-supplied data can break out of the expected string context and execute arbitrary template code.\n\n### PoC\nCreate a product and enter the payload to the description.\n\u003cimg width=\"679\" height=\"669\" alt=\"image\" src=\"https://github.com/user-attachments/assets/1e5dac3f-4043-4b31-98ed-f4346feb5477\" /\u003e\nPreview the page, observed that the template expressions were evaluated by the backend and displayed on the screen.\n\u003cimg width=\"1431\" height=\"922\" alt=\"image\" src=\"https://github.com/user-attachments/assets/16f29c6e-05f4-40c4-9926-0c59e0a979c2\" /\u003e\n\n\n### Impact\nRCE potential: Attackers can execute arbitrary PHP code or system commands.\nData breach: Read sensitive environment variables (.env), API keys, or database credentials.\nDefacement / persistence: Inject malicious scripts or backdoors in dynamic templates.\nPrivilege escalation: If attackers have limited roles (e.g., product manager), they can compromise the entire application or host.",
"id": "GHSA-527q-4wqv-g9wj",
"modified": "2025-10-16T21:54:30Z",
"published": "2025-10-16T20:28:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bagisto/bagisto/security/advisories/GHSA-527q-4wqv-g9wj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62416"
},
{
"type": "PACKAGE",
"url": "https://github.com/bagisto/bagisto"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "bagisto has Server Side Template Injection (SSTI) in Product Description"
}
GHSA-565M-G33J-JQ96
Vulnerability from github – Published: 2026-07-06 16:52 – Updated: 2026-07-06 16:52Summary
Formie Hidden fields could evaluate request-derived values as Twig during front-end form rendering.
When a Hidden field used a dynamic default value such as HTTP User Agent, Referer URL, Current URL, Query Parameter, or Cookie Value, the value was copied from the incoming request and later passed to Craft’s Twig rendering layer. This allowed an unauthenticated attacker to provide Twig syntax in request-controlled input and have it evaluated server-side when the form was rendered.
Affected Versions
verbb/formie for Craft 5:
- Affected: >= 3.0.0-beta.1, <= 3.1.26
- Patched: 3.1.27
Impact
An unauthenticated attacker could trigger server-side template evaluation by visiting a public form containing a Hidden field configured with a request-derived default value.
Because Craft’s normal Twig environment exposes application objects, this may lead to disclosure of sensitive information, modification of application state, or remote code execution depending on the site configuration and available Twig capabilities.
Technical Details
The issue exists in the Hidden field front-end render path. Request-derived Hidden field defaults were assigned to the field’s defaultValue, then rendered via Twig in Hidden::getFrontEndInputOptions().
The fix ensures Twig rendering is only performed for the custom default option, where the template source is admin-authored. Request-derived default options are now treated as plain strings.
Patches
Update to Formie 3.1.27 or later.
Workarounds
Until patched, avoid using request-derived Hidden field defaults on public forms, including: - HTTP User Agent - HTTP Refer URL - Current URL - Current URL without Query String - Query Parameter - Cookie Value
Alternatively, remove affected Hidden fields from public forms until the update is applied.
Credit
Name: Yanchon918s Email: ao9s@ao9s.net
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "verbb/formie"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-52889"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-06T16:52:16Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "## Summary\nFormie Hidden fields could evaluate request-derived values as Twig during front-end form rendering.\n\nWhen a Hidden field used a dynamic default value such as HTTP User Agent, Referer URL, Current URL, Query Parameter, or Cookie Value, the value was copied from the incoming request and later passed to Craft\u2019s Twig rendering layer. This allowed an unauthenticated attacker to provide Twig syntax in request-controlled input and have it evaluated server-side when the form was rendered.\n\n## Affected Versions\n`verbb/formie` for Craft 5:\n- Affected: \u003e= 3.0.0-beta.1, \u003c= 3.1.26\n- Patched: 3.1.27\n\n## Impact\nAn unauthenticated attacker could trigger server-side template evaluation by visiting a public form containing a Hidden field configured with a request-derived default value.\n\nBecause Craft\u2019s normal Twig environment exposes application objects, this may lead to disclosure of sensitive information, modification of application state, or remote code execution depending on the site configuration and available Twig capabilities.\n\n## Technical Details\nThe issue exists in the Hidden field front-end render path. Request-derived Hidden field defaults were assigned to the field\u2019s defaultValue, then rendered via Twig in `Hidden::getFrontEndInputOptions()`.\n\nThe fix ensures Twig rendering is only performed for the custom default option, where the template source is admin-authored. Request-derived default options are now treated as plain strings.\n\n## Patches\nUpdate to Formie 3.1.27 or later.\n\n## Workarounds\nUntil patched, avoid using request-derived Hidden field defaults on public forms, including:\n- HTTP User Agent\n- HTTP Refer URL\n- Current URL\n- Current URL without Query String\n- Query Parameter\n- Cookie Value\n\nAlternatively, remove affected Hidden fields from public forms until the update is applied.\n\n## Credit\nName: Yanchon918s\nEmail: [ao9s@ao9s.net](mailto:ao9s@ao9s.net)",
"id": "GHSA-565m-g33j-jq96",
"modified": "2026-07-06T16:52:16Z",
"published": "2026-07-06T16:52:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/verbb/formie/security/advisories/GHSA-565m-g33j-jq96"
},
{
"type": "PACKAGE",
"url": "https://github.com/verbb/formie"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Formie Hidden field defaults vulnerable to Server-Side Template Injection"
}
Mitigation
Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.