Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 797

ID Title
CVE-2026-8230 Command Injection in wavlink (CVE-2026-8230)
CVE-2026-8217 Command Injection in CVE-2026-8217 (CVE-2026-8217)
CVE-2026-8192 Command Injection in wavlink (CVE-2026-8192)
CVE-2026-8191 Command Injection in c (CVE-2026-8191)
CVE-2026-8190 Command Injection in wavlink (CVE-2026-8190)
CVE-2026-8189 Command Injection in wavlink (CVE-2026-8189)
CVE-2026-8188 Command Injection in wavlink (CVE-2026-8188)
CVE-2026-20040 OS Command Injection in Cisco ios-xr (CVE-2026-20040)
CVE-2026-3828 OS Command Injection in CVE-2026-3828 (CVE-2026-3828)
CVE-2026-42454 OS Command Injection in docker (CVE-2026-42454)
CVE-2026-44656 OS Command Injection in vim (CVE-2026-44656)
CVE-2026-42307 OS Command Injection in vim (CVE-2026-42307)
CVE-2026-41497 Command Injection in praison (CVE-2026-41497)
CVE-2022-50994 OS Command Injection in CVE-2022-50994 (CVE-2022-50994)
CVE-2026-8153 OS Command Injection in iot-embedded (CVE-2026-8153)
CVE-2025-67888 OS Command Injection in CVE-2025-67888 (CVE-2025-67888)
CVE-2024-51092 OS Command Injection in command-injection (CVE-2024-51092)
CVE-2022-45899 OS Command Injection in CVE-2022-45899 (CVE-2022-45899)
CVE-2026-43943 OS Command Injection in electerm (CVE-2026-43943)
CVE-2026-42271 KEV [KEV] Command Injection in Berriai litellm (CVE-2026-42271)
CVE-2026-41900 OS Command Injection in openlearnx (CVE-2026-41900)
CVE-2026-8112 Command Injection in 8421bit (CVE-2026-8112)
CVE-2026-42215 OS Command Injection in GitPython (CVE-2026-42215)
CVE-2025-63705 OS Command Injection in node-ts-ocr (CVE-2025-63705)
CVE-2025-9661 OS Command Injection in hitachi (CVE-2025-9661)
CVE-2026-31195 OS Command Injection in CVE-2026-31195 (CVE-2026-31195)
CVE-2026-31196 OS Command Injection in CVE-2026-31196 (CVE-2026-31196)
CVE-2026-36356 OS Command Injection in CVE-2026-36356 (CVE-2026-36356)
CVE-2026-41922 OS Command Injection in CVE-2026-41922 (CVE-2026-41922)
CVE-2026-42364 OS Command Injection in geovision (CVE-2026-42364)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →