Sanitise input by escaping characters like <, >, !, -, and ".
To help tailor this information to your specific system, let me know: What are you running? (Apache, Nginx, IIS?)
The most severe risk associated with unpatched SSI is the execution of system-level commands. If the web server allows the #exec directive, an attacker can run commands directly on the server hosting the site.
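The escaping advice above, as an added Python example that is not part of the original page: it entity-encodes the listed characters so that an SSI directive in user input reaches an .shtml page as inert text, and reports any directive it saw for logging. The function names and the sample comment are assumptions constructed for illustration.

```python
import re

# Characters the page lists, mapped to HTML entities so the server's SSI
# parser never sees a literal "<!--#" sequence inside stored user input.
SSI_ESCAPES = {
    "<": "&lt;",
    ">": "&gt;",
    "!": "&#33;",
    "-": "&#45;",
    '"': "&quot;",
}
_ESCAPE_RE = re.compile("[" + re.escape("".join(SSI_ESCAPES)) + "]")

# Opening of an SSI directive, e.g. <!--#exec or <!--#include.
_DIRECTIVE_RE = re.compile(r"<!--#([a-z]+)", re.IGNORECASE)


def find_ssi_directives(text):
    """Return lower-cased directive names found in raw input (for alerting)."""
    return [m.group(1).lower() for m in _DIRECTIVE_RE.finditer(text)]


def escape_for_ssi_page(text):
    """Entity-encode the SSI-significant characters in untrusted text."""
    return _ESCAPE_RE.sub(lambda m: SSI_ESCAPES[m.group(0)], text)


def handle_untrusted_field(text):
    """Return (escaped_text, directives_seen) for one user-supplied field."""
    return escape_for_ssi_page(text), find_ssi_directives(text)


# Constructed sample input: a comment field carrying an SSI directive.
SAMPLE_COMMENT = 'Nice post <!--#exec cmd="id" -->'

if __name__ == "__main__":
    safe, seen = handle_untrusted_field(SAMPLE_COMMENT)
    print("directives seen:", seen)
    print("stored as:", safe)
```

Escaping complements, and does not replace, disabling `#exec` in the server configuration where it is not needed.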