Mitigation

The mitigation for these vulnerabilities is a little tricky. An SSTI is also complicated to explain when you report it, because a big SSTI is usually classified as another vulnerability. Keep the following points in mind while writing recommendations for your report:

  • Validate the strings loaded as if you were using an eval() function.
  • Implement protections for Local File Inclusions (LFIs). When functionality is added through an attack, it works like a require function.
  • Do not pass dynamic data directly to a template. Instead, use the engine's built-in functionality.
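
The first and last recommendations can be shown side by side. The following is an added example, not code from the book: it uses Python's standard-library string.Template as a stand-in for a real template engine, and the function names, context values, and allow-list are assumptions made for illustration.

```python
import re
from string import Template

# Constructed sample context: values the template engine can reach.
CONTEXT = {"user": "alice", "api_key": "CONSTRUCTED-SECRET-123"}

# Allow-list applied as strictly as for eval() input: no template
# metacharacters ($, {, }, %, <, >) can pass. Adjust per application.
ALLOWED = re.compile(r"[A-Za-z0-9 .,!?'-]{1,200}")


def render_unsafe(comment: str) -> str:
    """Vulnerable: user input becomes part of the template source,
    so any placeholder it contains is resolved against CONTEXT."""
    source = "Hello $user, you wrote: " + comment
    return Template(source).safe_substitute(CONTEXT)


def render_safe(comment: str) -> str:
    """Hardened: the template source is a fixed string and the input
    is passed as a value, which the engine never re-interprets."""
    source = "Hello $user, you wrote: $comment"
    return Template(source).substitute(CONTEXT, comment=comment)


def validate(comment: str) -> str:
    """Reject anything outside the allow-list before it reaches a
    template that must be built dynamically."""
    if not ALLOWED.fullmatch(comment):
        raise ValueError("rejected: characters outside the allow-list")
    return comment


if __name__ == "__main__":
    probe = "$api_key"  # constructed input containing a placeholder
    print("unsafe:", render_unsafe(probe))  # context value leaks
    print("safe:  ", render_safe(probe))    # placeholder stays literal
    try:
        validate(probe)
    except ValueError as exc:
        print("validate:", exc)
```

The same split applies to any engine: keep the template source constant and supply request data only through the engine's variable-binding call.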