Details | |
---|---|
Alert ID | 90035 |
Alert Type | Active |
Status | release |
Risk | High |
CWE | 1336 |
WASC | 20 |
Technologies Targeted | All |
Tags |
CWE-1336 OWASP_2017_A01 OWASP_2021_A03 POLICY_API POLICY_DEV_CICD POLICY_DEV_FULL POLICY_DEV_STD POLICY_QA_FULL POLICY_QA_STD POLICY_SEQUENCE WSTG-V42-INPV-18 |
More Info |
Scan Rule Help |
Summary
When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.