Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 797

ID Title
CVE-2026-43003 OS Command Injection in ironic-python-agent (CVE-2026-43003)
CVE-2026-7246 Command Injection in palletsprojects (CVE-2026-7246)
CVE-2026-6849 Improper neutralization of special elements used in an OS command ('OS command injection')...
CVE-2024-54012 OS Command Injection in hanwhavision (CVE-2024-54012)
CVE-2026-0711 OS Command Injection in zyxel (CVE-2026-0711)
CVE-2026-1460 OS Command Injection in zyxel (CVE-2026-1460)
CVE-2026-6942 OS Command Injection in radare (CVE-2026-6942)
CVE-2026-5935 OS Command Injection in ibm (CVE-2026-5935)
CVE-2026-41179 OS Command Injection in github.com/rclone/rclone (CVE-2026-41179)
CVE-2026-31019 OS Command Injection in dolibarr (CVE-2026-31019)
CVE-2026-5965 OS Command Injection in CVE-2026-5965 (CVE-2026-5965)
CVE-2026-32311 OS Command Injection in flowsint (CVE-2026-32311)
CVE-2026-5967 OS Command Injection in privilege-escalation (CVE-2026-5967)
CVE-2026-40527 OS Command Injection in radare (CVE-2026-40527)
CVE-2026-35072 OS Command Injection in dell (CVE-2026-35072)
CVE-2026-35073 OS Command Injection in dell (CVE-2026-35073)
CVE-2026-35074 OS Command Injection in dell (CVE-2026-35074)
CVE-2026-41113 OS Command Injection in c (CVE-2026-41113)
CVE-2026-6349 OS Command Injection in CVE-2026-6349 (CVE-2026-6349)
CVE-2026-34197 KEV [KEV] Vulnerability in Apache activemq (CVE-2026-34197)
CVE-2026-40176 Vulnerability in getcomposer (CVE-2026-40176)
CVE-2026-40261 Vulnerability in getcomposer (CVE-2026-40261)
CVE-2026-33414 OS Command Injection in podman-project (CVE-2026-33414)
CVE-2026-28291 OS Command Injection in simple-git-project (CVE-2026-28291)
CVE-2026-21915 Vulnerability in juniper (CVE-2026-21915)
CVE-2026-35585 OS Command Injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585)
CVE-2026-4631 OS Command Injection in CVE-2026-4631 (CVE-2026-4631)
CVE-2026-34977 OS Command Injection in c (CVE-2026-34977)
CVE-2026-34982 OS Command Injection in vim (CVE-2026-34982)
CVE-2026-3692 OS Command Injection in progress (CVE-2026-3692)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →