Server-Side Template Injection

Web applications often rely on template engines to manage the dynamic generation of the HTML pages presented to their users. A Server-Side Template Injection (SSTI) vulnerability exists when an application embeds unsafe user-controlled inputs in its templates and then evaluates it. By injecting a specific payload dependent on the template engine used by the application, an attacker can leverage this vulnerability to gain access to sensitive information or to achieve remote code execution.