← Cybersecurity Alphabet Soup

SSTI

Server-Side Template Injection

attackshard

Server-Side Template Injection occurs when user input is embedded directly into a server-side template and then evaluated by the template engine. Because template engines can execute expressions, this often escalates to full remote code execution on the server. It matters as web frameworks increasingly rely on templating, and the fix is never mixing untrusted input into template logic.

Sources

More in attacks