
SSTI

Server-side template injection (SSTI) occurs when user-controlled input is embedded into a server-side template and interpreted as template syntax instead of plain text. Depending on the template engine, attackers may exploit SSTI to access application variables, read configuration data, execute system commands, or gain control over the server. In bug bounty programs, SSTI is usually considered high impact because it can expose sensitive backend logic and may lead to remote code execution.

User Input Reaches Server Template → Template Syntax Executed → Server Objects Accessed → Possible Code Execution → Template Context Restricted
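
The flow above, as an added example that is not part of the original page: a renderer that concatenates user input into the template source next to one that passes it only as data with a restricted context. Python's built-in `str.format` stands in for a template engine here, and `CONFIG`, the function names and the sample inputs are constructed assumptions.

```python
# Added example (not from the original page). Python's built-in str.format
# stands in for a server-side template engine; CONFIG and the inputs are
# constructed sample data.
CONFIG = {"SECRET_KEY": "constructed-demo-secret", "DEBUG": False}


def render_vulnerable(user_input: str) -> str:
    """User input becomes part of the template source, so placeholder
    syntax inside it is interpreted against the server-side context."""
    template = "Hello " + user_input + "! Welcome back."
    return template.format(config=CONFIG)


def render_safe(user_input: str) -> str:
    """The template source is a constant. User input is passed only as a
    value, and the context is restricted to that single value."""
    template = "Hello {name}! Welcome back."
    return template.format(name=user_input)


def audit(render, user_input: str) -> str:
    """Classify one render: 'leak' if a config value reached the output,
    'error' if the engine tried to parse the input, otherwise 'ok'."""
    try:
        output = render(user_input)
    except (ValueError, KeyError, IndexError, AttributeError):
        return "error"
    return "leak" if CONFIG["SECRET_KEY"] in output else "ok"


SAMPLES = ["Alice", "{config[SECRET_KEY]}", "{unbalanced"]  # constructed inputs

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} vulnerable={audit(render_vulnerable, sample):5} "
              f"safe={audit(render_safe, sample)}")
```

A parse error on input containing template delimiters is itself a signal worth alerting on, since it shows the input reached the engine as template source.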
