Cwe 78

🧬 CWE Related 120

slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。

📌 Example

Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔗 Related links

MITRE CWE-78 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 125

ID	Title	Severity	Detected
CVE-2026-8192	Command Injection in CVE-2026-8192 (CVE-2026-8192)	Medium	4 hours ago
CVE-2026-8191	Command Injection in c (CVE-2026-8191)	Medium	4 hours ago
CVE-2026-8190	Command Injection in CVE-2026-8190 (CVE-2026-8190)	Medium	5 hours ago
CVE-2026-8189	Command Injection in CVE-2026-8189 (CVE-2026-8189)	Medium	6 hours ago
CVE-2026-8188	Command Injection in CVE-2026-8188 (CVE-2026-8188)	Medium	7 hours ago
CVE-2026-44656	OS Command Injection in CVE-2026-44656 (CVE-2026-44656)		1 day ago
CVE-2026-42454	OS Command Injection in docker (CVE-2026-42454)	Critical	1 day ago
CVE-2026-42307	OS Command Injection in CVE-2026-42307 (CVE-2026-42307)	Medium	1 day ago
CVE-2026-41497	Command Injection in praison (CVE-2026-41497)	Critical	1 day ago
CVE-2022-50994	OS Command Injection in CVE-2022-50994 (CVE-2022-50994)	High	1 day ago
CVE-2026-8153	OS Command Injection in iot-embedded (CVE-2026-8153)	Critical	1 day ago
CVE-2025-67888	OS Command Injection in CVE-2025-67888 (CVE-2025-67888)	High	1 day ago
CVE-2024-51092	OS Command Injection in command-injection (CVE-2024-51092)	Critical	1 day ago
CVE-2022-45899	OS Command Injection in CVE-2022-45899 (CVE-2022-45899)	Medium	1 day ago
CVE-2026-43943	OS Command Injection in electerm (CVE-2026-43943)	High	1 day ago
CVE-2026-42271	Command Injection in litellm (CVE-2026-42271)	High	1 day ago
CVE-2026-41900	OS Command Injection in CVE-2026-41900 (CVE-2026-41900)	High	1 day ago
CVE-2026-8112	Command Injection in CVE-2026-8112 (CVE-2026-8112)	Medium	2 days ago
CVE-2026-42215	OS Command Injection in GitPython (CVE-2026-42215)	High	2 days ago
CVE-2025-63705	OS Command Injection in CVE-2025-63705 (CVE-2025-63705)	High	2 days ago
CVE-2025-9661	OS Command Injection in hitachi (CVE-2025-9661)	High	2 days ago
CVE-2026-35073	OS Command Injection in dell (CVE-2026-35073)	Medium	3 weeks ago
CVE-2026-35074	OS Command Injection in dell (CVE-2026-35074)	Medium	3 weeks ago
CVE-2026-35072	OS Command Injection in dell (CVE-2026-35072)	Medium	3 weeks ago
CVE-2026-25108 KEV	[KEV] OS Command Injection in Soliton systems k.k soliton-systems-kk (CVE-2026-25108)	High	2 months ago
CVE-2026-1731 KEV	[KEV] OS Command Injection in Beyondtrust remote-support-rs-and-privileged-remote-access-pra (CVE-2026-1731)	High	2 months ago
CVE-2025-11953 KEV	[KEV] OS Command Injection in React native community react-native-community (CVE-2025-11953)	High	3 months ago
CVE-2025-64328 KEV	[KEV] OS Command Injection in Sangoma freepbx (CVE-2025-64328)	High	3 months ago
CVE-2025-66644 KEV	[KEV] OS Command Injection in Array networks array-networks (CVE-2025-66644)	High	5 months ago
CVE-2025-58034 KEV	[KEV] OS Command Injection in Fortinet fortiweb (CVE-2025-58034)	High	5 months ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →