CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

155 vulnerabilities with CWE-1336
CVE-2024-35191 MEDIUM
Formie <2.1.6 - Code Injection
CVSS 4.4
CVE-2024-32406 HIGH
inducer relate <v.2024.1 - RCE
CVSS 7.5
CVE-2024-32651 CRITICAL
changedetection.io - RCE
CVSS 10.0
CVE-2024-25624 MEDIUM
Iris - SSRF
CVSS 6.8
CVE-2024-4040 CRITICAL KEV
CrushFTP <10.7.1-11.1.0 - RCE
CVSS 9.8
CVE-2024-24724 CRITICAL
Gibbon <26.0.00 - SSRF/RCE
CVSS 9.8
CVE-2024-28116 HIGH
Grav CMS <1.7.45 - SSRF
CVSS 8.8
CVE-2024-27623 MEDIUM
CMS Made Simple <2.2.19 - SSRF
CVSS 5.9
CVE-2023-6743 HIGH
Unlimited-elements Unlimited Elements For Elementor - Code Injection
CVSS 8.8
CVE-2023-47542 MEDIUM
FortiManager <7.4.1, <7.2.4, <7.0.10 - Code Injection
CVSS 6.7
CVE-2023-5764 HIGH
Ansible - Template Injection
CVSS 7.1
CVE-2023-6709 HIGH
mlflow/mlflow <2.9.2 - Info Disclosure
CVSS 8.8
CVE-2023-46245 HIGH
Kimai <2.1.0 - SSRF/RCE
CVSS 7.2
CVE-2023-41047 MEDIUM
OctoPrint <1.9.2 - Code Injection
CVSS 6.2
CVE-2023-29297 CRITICAL
Adobe Commerce <2.4.6 - RCE
CVSS 9.1
CVE-2023-34448 HIGH
Grav < 1.7.42 - Remote Code Execution
CVSS 8.8
CVE-2023-34253 HIGH
Grav < 1.7.42 - Remote Code Execution
CVSS 8.8
CVE-2023-34252 HIGH
Grav < 1.7.42 - Remote Code Execution
CVSS 8.8
CVE-2023-2259 HIGH
GitHub alfio-event/alf.io <2.0-M4-2304 - Info Disclosure
CVSS 7.2
CVE-2023-2017 HIGH
Shopware 6 <= v6.4.20.0,v6.5.0.0-rc1 <= v6.5.0.0-rc4 - Code Injection
CVSS 8.8
CVE-2023-27995 HIGH
Fortinet FortiSOAR <7.3.1 - RCE
CVSS 7.2
CVE-2022-23851 CRITICAL
Netaxis API Orchestrator <0.19.3 - SSRF
CVSS 9.8
CVE-2022-47896 MEDIUM
JetBrains IntelliJ IDEA <2022.3.1 - Code Injection
CVSS 5.0
CVE-2022-25813 HIGH
Apache OFBiz <18.12.05 - SSRF
CVSS 7.5
CVE-2022-27662 MEDIUM
F5 Traffix SDC <5.2.2, <5.1.35 - XSS
CVSS 4.8