[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-26558":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":42,"name":43,"published":44,"updated":34},26558,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},2,"Nuclei",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":34,"epss_score":34,"epss_percentile":34,"cve":34,"in_cisa_catalog":41,"date":34,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"high","The risk exists that an attacker can use the vulnerability identified to perform further attacks on the server.","Twig, a PHP template engine, posed significant challenges in crafting a working payload due to its built-in and default configurations, particularly in string creation. However, by utilizing the block feature and the built-in _charset variable, Attacker successfully developed a payload by nesting these elements together.","We recommend reviewing the purpose of the application or the server and applying patches, if applicable.",[40],"https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation",false,"NETSCAN-NUCLEI-VULNERABILITIES-TWIG-SSTI","Twig - Server Side Template Injection","2025-02-24T00:00:00Z"]