Cwe 78

🧬 CWE Related 120

slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。

📌 Example

Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔗 Related links

MITRE CWE-78 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 125

ID	Title	Severity	Detected
CVE-2025-48703 KEV	[KEV] OS Command Injection in Cwp control-web-panel (CVE-2025-48703)	High	6 months ago
CVE-2014-6278 KEV	[KEV] OS Command Injection in gnu (CVE-2014-6278)	High	7 months ago
CVE-2025-9377 KEV	[KEV] OS Command Injection in Tp-link multiple-routers (CVE-2025-9377)	High	8 months ago
CVE-2025-54948 KEV	[KEV] OS Command Injection in Trend micro trend-micro (CVE-2025-54948)	High	8 months ago
CVE-2023-39780 KEV	[KEV] OS Command Injection in Asus rt-ax55-routers (CVE-2023-39780)	High	11 months ago
CVE-2024-12987 KEV	[KEV] OS Command Injection in Draytek vigor-routers (CVE-2024-12987)	High	11 months ago
CVE-2024-11120 KEV	[KEV] OS Command Injection in Geovision multiple-devices (CVE-2024-11120)	High	1 year ago
CVE-2024-6047 KEV	[KEV] OS Command Injection in Geovision multiple-devices (CVE-2024-6047)	High	1 year ago
CVE-2023-44221 KEV	[KEV] OS Command Injection in Sonicwall sma100-appliances (CVE-2023-44221)	High	1 year ago
CVE-2021-20035 KEV	[KEV] OS Command Injection in Sonicwall sma100-appliances (CVE-2021-20035)	High	1 year ago
CVE-2025-1316 KEV	[KEV] OS Command Injection in Edimax ic-7100-ip-camera (CVE-2025-1316)	High	1 year ago
CVE-2024-40891 KEV	[KEV] OS Command Injection in Zyxel dsl-cpe-devices (CVE-2024-40891)	High	1 year ago
CVE-2024-40890 KEV	[KEV] OS Command Injection in Zyxel dsl-cpe-devices (CVE-2024-40890)	High	1 year ago
CVE-2018-9276 KEV	[KEV] OS Command Injection in Paessler prtg-network-monitor (CVE-2018-9276)	High	1 year ago
CVE-2024-50603 KEV	[KEV] OS Command Injection in Aviatrix controllers (CVE-2024-50603)	High	1 year ago
CVE-2024-12686 KEV	[KEV] OS Command Injection in Beyondtrust privileged-remote-access-pra-and-remote-support-rs (CVE-2024-12686)	High	1 year ago
CVE-2021-40407 KEV	[KEV] OS Command Injection in Reolink rlc-410w-ip-camera (CVE-2021-40407)	High	1 year ago
CVE-2019-11001 KEV	[KEV] OS Command Injection in Reolink multiple-ip-cameras (CVE-2019-11001)	High	1 year ago
CVE-2018-14933 KEV	[KEV] OS Command Injection in Nuuo nvrmini-devices (CVE-2018-14933)	High	1 year ago
CVE-2024-1212 KEV	[KEV] OS Command Injection in Progress kemp-loadmaster (CVE-2024-1212)	High	1 year ago
CVE-2024-9463 KEV	[KEV] OS Command Injection in Palo alto networks palo-alto-networks (CVE-2024-9463)	High	1 year ago
CVE-2024-8957 KEV	[KEV] OS Command Injection in Ptzoptics pt30x-sdindi-cameras (CVE-2024-8957)	High	1 year ago
CVE-2023-25280 KEV	[KEV] OS Command Injection in D-link dir-820-router (CVE-2023-25280)	High	1 year ago
CVE-2020-15415 KEV	[KEV] OS Command Injection in Draytek multiple-vigor-routers (CVE-2020-15415)	High	1 year ago
CVE-2024-8190 KEV	[KEV] OS Command Injection in Ivanti cloud-services-appliance (CVE-2024-8190)	High	1 year ago
CVE-2024-20399 KEV	[KEV] OS Command Injection in Cisco nx-os (CVE-2024-20399)	High	1 year ago
CVE-2024-4577 KEV	[KEV] OS Command Injection in Php group php-group (CVE-2024-4577)	High	1 year ago
CVE-2017-3506 KEV	[KEV] OS Command Injection in Oracle weblogic-server (CVE-2017-3506)	High	1 year ago
CVE-2019-7256 KEV	[KEV] OS Command Injection in Nice linear-emerge-e3-series (CVE-2019-7256)	High	2 years ago
CVE-2021-36380 KEV	[KEV] OS Command Injection in Sunhillo sureline (CVE-2021-36380)	High	2 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →