Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

175 vulnerabilities with CWE-1336

CVE-2024-57177 HIGH

perfood/couch-auth <= 0.21.2 - SSRF

CVE-2024-54954 HIGH

OneBlog < 2.3.6 - Template Injection via Template Management

CVE-2024-12583 CRITICAL

Dynamics 365 Integration plugin - RCE

CVE-2024-56326 HIGH

Jinja < 3.1.5 - Remote Code Execution via Sandboxed Template String Format Bypass

CVE-2024-55660 CRITICAL

SiYuan < 3.1.16 - Server-Side Template Injection via Sprig Template Engine

CVE-2024-55652 MEDIUM

PenDoc <1d4219c596f4f518798492e48386a20c6 - Code Injection

CVE-2024-30372 MEDIUM

Allegra < 7.5.1 - Authenticated Remote Code Execution via getLinkText Template Injection

CVE-2024-48962 HIGH

Apache OFBiz < 18.12.17 - Cross-Site Request Forgery

CVE-2024-39766 HIGH

Intel(R) Neural Compressor <v3.0 - Privilege Escalation

CVE-2024-46366 HIGH

Webkul Krayin CRM 1.3.0 - Client-side Template Injection via Lead Creation

CVE-2024-45053 CRITICAL

Fides 2.19.0-2.44.0 - Authenticated Remote Code Execution via Email Template Injection

CVE-2024-6386 CRITICAL

WPML < 4.6.13 - Authenticated Remote Code Execution via Twig Server-Side Template Injection

CVE-2024-42356 HIGH

Shopware <6.6.5.1-6.5.8.13 - Code Injection

CVE-2024-42355 HIGH

Shopware <6.6.5.1-6.5.8.13 - Code Injection

CVE-2024-41950 HIGH

Haystack < 2.3.1 - Remote Code Execution via Jinja2 Template Injection

CVE-2024-38363 HIGH

Airbyte < 0.62.2 - Authenticated Remote Code Execution via Server-Side Template Injection

CVE-2024-37621 HIGH

StrongShop 1.0 - Server-Side Template Injection in /shippingOptionConfig/index.blade.php

CVE-2024-37301 HIGH

document-merge-service <= 6.5.1 - Remote Code Execution via Server-Side Template Injection

CVE-2024-23692 CRITICAL KEV

Rejetto HTTP File Server - Template injection

CVE-2024-34710 HIGH

Wiki.js <= 2.5.302 - Stored Cross-Site Scripting via Invalid HTML Tag Injection

CVE-2024-35191 MEDIUM

Formie < 2.0.44 and 2.1.0-2.1.5 - Authenticated Server-Side Template Injection via Submission Title or Success Message

CVE-2024-32406 HIGH

inducer relate < 2024.1 - Server-Side Template Injection via Batch-Issue Exam Tickets Function

CVE-2024-32651 CRITICAL

changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI

CVE-2024-25624 MEDIUM

IRIS <2.4.6 - Authenticated Remote Code Execution via Report Template SSTI

CVE-2024-4040 CRITICAL KEV

CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection

Previous Page 6 of 7 Next

Details

Vulnerabilities 175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy