Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-15033 A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this...
CVE-2026-53479 OS Command Injection in CVE-2026-53479 (CVE-2026-53479)
CVE-2026-42201 OS Command Injection in CVE-2026-42201 (CVE-2026-42201)
CVE-2026-34158 OS Command Injection in CVE-2026-34158 (CVE-2026-34158)
CVE-2026-42143 OS Command Injection in CVE-2026-42143 (CVE-2026-42143)
CVE-2026-34152 OS Command Injection in CVE-2026-34152 (CVE-2026-34152)
CVE-2026-34168 OS Command Injection in CVE-2026-34168 (CVE-2026-34168)
CVE-2026-34058 OS Command Injection in CVE-2026-34058 (CVE-2026-34058)
CVE-2026-34149 OS Command Injection in CVE-2026-34149 (CVE-2026-34149)
CVE-2026-34057 OS Command Injection in CVE-2026-34057 (CVE-2026-34057)
CVE-2026-34034 OS Command Injection in CVE-2026-34034 (CVE-2026-34034)
CVE-2026-34035 OS Command Injection in CVE-2026-34035 (CVE-2026-34035)
CVE-2026-42204 OS Command Injection in CVE-2026-42204 (CVE-2026-42204)
CVE-2026-42148 OS Command Injection in CVE-2026-42148 (CVE-2026-42148)
CVE-2026-42153 OS Command Injection in CVE-2026-42153 (CVE-2026-42153)
CVE-2026-34599 OS Command Injection in CVE-2026-34599 (CVE-2026-34599)
CVE-2026-34049 OS Command Injection in CVE-2026-34049 (CVE-2026-34049)
CVE-2026-34153 OS Command Injection in CVE-2026-34153 (CVE-2026-34153)
CVE-2026-34038 OS Command Injection in CVE-2026-34038 (CVE-2026-34038)
CVE-2026-55427 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55427)
CVE-2026-55798 OS Command Injection in pillow (CVE-2026-55798)
CVE-2026-14802 A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
CVE-2026-12195 OS Command Injection in CVE-2026-12195 (CVE-2026-12195)
CVE-2026-49815 OS Command Injection in CVE-2026-49815 (CVE-2026-49815)
CVE-2026-53478 OS Command Injection in CVE-2026-53478 (CVE-2026-53478)
CVE-2026-49814 OS Command Injection in CVE-2026-49814 (CVE-2026-49814)
CVE-2026-49813 OS Command Injection in CVE-2026-49813 (CVE-2026-49813)
CVE-2026-54483 OS Command Injection in CVE-2026-54483 (CVE-2026-54483)
CVE-2026-26355 OS Command Injection in CVE-2026-26355 (CVE-2026-26355)
CVE-2026-59800 OS Command Injection in 9router (CVE-2026-59800)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →