Injection
Server-Side Template Injection (SSTI)
Injecting malicious template directives to achieve RCE on the server.
SSTI occurs when user input is embedded in server-side template engines (Jinja2, Handlebars, Pug, etc.) without proper escaping. Attackers inject template directives that execute arbitrary code. Severity ranges from data disclosure to full RCE.