Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

175 vulnerabilities with CWE-1336

CVE-2024-24724 CRITICAL

Gibbon < 26.0.00 - Server-Side Template Injection via Messenger Settings

CVE-2024-28116 HIGH

Grav < 1.7.45 - Authenticated Server-Side Template Injection

CVE-2024-27623 MEDIUM

CMS Made Simple 2.2.19 - Server-Side Template Injection in Design Manager Breadcrumbs

CVE-2023-6743 HIGH

Unlimited Elements For Elementor < 1.5.89 - Authenticated Remote Code Execution via Template Import

CVE-2023-47542 MEDIUM

FortiManager <7.4.1, <7.2.4, <7.0.10 - Code Injection

CVE-2023-5764 HIGH

Ansible < 2.14.12 and 2.16.0-2.16.1 - Template Injection via Unsafe Data Handling

CVE-2023-6709 HIGH

mlflow/mlflow <2.9.2 - Info Disclosure

CVE-2023-46245 HIGH

Kimai < 2.1.0 - Server-Side Template Injection and Remote Code Execution via Twig File Upload

CVE-2023-41047 MEDIUM

OctoPrint <= 1.9.2 - Authenticated Remote Code Execution via GCODE Script Rendering

CVE-2023-29297 CRITICAL

Adobe Commerce <= 2.4.6, <= 2.4.5-p2, <= 2.4.4-p3 - Authenticated Remote Code Execution via Template Injection

CVE-2023-34448 HIGH

Grav < 1.7.42 - Server-Side Template Injection via Twig map() and reduce() Functions

CVE-2023-34253 HIGH

Grav < 1.7.42 - Authenticated Remote Code Execution via Template Injection Denylist Bypass

CVE-2023-34252 HIGH

Grav < 1.7.42 - Authenticated Remote Code Execution via Twig Filter Array Bypass

CVE-2023-2259 HIGH

GitHub alfio-event/alf.io <2.0-M4-2304 - Info Disclosure

CVE-2023-2017 HIGH

Shopware 6 <= v6.4.20.0,v6.5.0.0-rc1 <= v6.5.0.0-rc4 - Code Injection

CVE-2023-27995 HIGH

Fortinet FortiSOAR 7.3.0-7.3.1 - Authenticated Remote Code Execution via Template Injection

CVE-2022-23851 CRITICAL

Netaxis API Orchestrator <0.19.3 - SSRF

CVE-2022-47896 MEDIUM

JetBrains IntelliJ IDEA <2022.3.1 - Code Injection

CVE-2022-25813 HIGH

Apache OFBiz < 18.12.06 - Server-Side Template Injection via Ecommerce Contact Us Subject Field

CVE-2022-27662 MEDIUM

F5 Traffix SDC <5.2.2, <5.1.35 - XSS

CVE-2022-0944 HIGH

sqlpad < 6.10.1 - Remote Code Execution via Template Injection in Connection Test Endpoint

CVE-2022-0896 HIGH

microweber/microweber <1.3 - Info Disclosure

CVE-2022-0323 HIGH

Packagist mustache/mustache <2.14.1 - Info Disclosure

CVE-2021-4315 MEDIUM

NYUCCL psiTurk <3.2.0 - Template Injection

CVE-2021-39128 HIGH

Atlassian Jira Server/Data Center - RCE

Previous Page 7 of 7

Details

Vulnerabilities 175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy