RCE with Twig SSTI
Twig server-side template injection (SSTI) is a type of security vulnerability that occurs when user input is mishandled and injected directly into the Twig template, a popular PHP template engine. Remote code execution can be achieved if a web application allows a user (attacker) to inject malicious payloads into a Twig template without proper sanitization or escape.
“The vulnerability lies in the handling of shortcodes within the WPML plugin,” stealthcopter added. “Specifically, the plugin uses Twig templates to serve content with shortcodes but fails to properly sanitize the input, resulting in server-side template injection (SSTI).”
Shortcuts in WordPress enable users to easily add dynamic content, such as galleries, forms, buttons, or custom content blocks, to posts, pages, or widgets without needing to write complex code.
Source link