CWE-97
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.
Official CWE-97 definition at MITREImpactr finds and proves weaknesses like CWE-97 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist