CVEs-PoC/2018/CVE-2018-13818.md

### [CVE-2018-13818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13818)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.

### POC

#### Reference
- https://www.exploit-db.com/exploits/44102/

#### Github
No PoCs found on GitHub currently.