By manipulating the server-side template engine, an attacker can inject arbitrary code or data into the template. This can lead to remote code execution and unauthorized access.
Use secure template rendering methods that do not evaluate user input as part of the template. Instead, use parameterized queries or bind variables to prevent injection attacks.