Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-9515 Command Injection in CVE-2026-9515 (CVE-2026-9515)
CVE-2026-9512 Command Injection in CVE-2026-9512 (CVE-2026-9512)
CVE-2026-9511 Command Injection in CVE-2026-9511 (CVE-2026-9511)
CVE-2026-9513 Command Injection in CVE-2026-9513 (CVE-2026-9513)
CVE-2026-9514 Command Injection in CVE-2026-9514 (CVE-2026-9514)
CVE-2026-9478 Command Injection in CVE-2026-9478 (CVE-2026-9478)
CVE-2026-9477 Command Injection in CVE-2026-9477 (CVE-2026-9477)
CVE-2026-9476 Command Injection in CVE-2026-9476 (CVE-2026-9476)
CVE-2026-9475 Command Injection in CVE-2026-9475 (CVE-2026-9475)
CVE-2026-9455 Command Injection in CVE-2026-9455 (CVE-2026-9455)
CVE-2026-9458 Command Injection in CVE-2026-9458 (CVE-2026-9458)
CVE-2026-9454 Command Injection in CVE-2026-9454 (CVE-2026-9454)
CVE-2026-9457 Command Injection in CVE-2026-9457 (CVE-2026-9457)
CVE-2026-9452 Command Injection in CVE-2026-9452 (CVE-2026-9452)
CVE-2026-9456 Command Injection in CVE-2026-9456 (CVE-2026-9456)
CVE-2026-9432 Command Injection in CVE-2026-9432 (CVE-2026-9432)
CVE-2026-9433 Command Injection in CVE-2026-9433 (CVE-2026-9433)
CVE-2026-9435 Command Injection in CVE-2026-9435 (CVE-2026-9435)
CVE-2026-9436 Command Injection in CVE-2026-9436 (CVE-2026-9436)
CVE-2026-9437 Command Injection in CVE-2026-9437 (CVE-2026-9437)
CVE-2026-9434 Command Injection in CVE-2026-9434 (CVE-2026-9434)
CVE-2026-9424 Command Injection in CVE-2026-9424 (CVE-2026-9424)
CVE-2026-9406 Command Injection in CVE-2026-9406 (CVE-2026-9406)
CVE-2026-9404 Command Injection in CVE-2026-9404 (CVE-2026-9404)
CVE-2026-9405 Command Injection in CVE-2026-9405 (CVE-2026-9405)
CVE-2026-9408 Command Injection in CVE-2026-9408 (CVE-2026-9408)
CVE-2026-9407 Command Injection in CVE-2026-9407 (CVE-2026-9407)
CVE-2026-9388 Command Injection in CVE-2026-9388 (CVE-2026-9388)
CVE-2026-9387 Command Injection in CVE-2026-9387 (CVE-2026-9387)
CVE-2026-9386 Command Injection in CVE-2026-9386 (CVE-2026-9386)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →