Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-44454 OS Command Injection in github.com/coder/coder/v2 (CVE-2026-44454)
CVE-2026-58455 OS Command Injection in CVE-2026-58455 (CVE-2026-58455)
CVE-2026-56004 OS Command Injection in CVE-2026-56004 (CVE-2026-56004)
CVE-2026-58652 OS Command Injection in CVE-2026-58652 (CVE-2026-58652)
CVE-2026-58457 OS Command Injection in CVE-2026-58457 (CVE-2026-58457)
CVE-2026-13760 OS Command Injection in Amazon aws (CVE-2026-13760)
CVE-2026-58452 OS Command Injection in CVE-2026-58452 (CVE-2026-58452)
CVE-2026-34110 OS Command Injection in CVE-2026-34110 (CVE-2026-34110)
CVE-2026-34117 OS Command Injection in CVE-2026-34117 (CVE-2026-34117)
CVE-2026-34114 OS Command Injection in CVE-2026-34114 (CVE-2026-34114)
CVE-2026-34108 OS Command Injection in CVE-2026-34108 (CVE-2026-34108)
CVE-2026-34116 OS Command Injection in CVE-2026-34116 (CVE-2026-34116)
CVE-2026-34111 OS Command Injection in CVE-2026-34111 (CVE-2026-34111)
CVE-2026-34113 OS Command Injection in CVE-2026-34113 (CVE-2026-34113)
CVE-2026-34112 OS Command Injection in CVE-2026-34112 (CVE-2026-34112)
CVE-2026-34115 OS Command Injection in CVE-2026-34115 (CVE-2026-34115)
CVE-2026-34109 OS Command Injection in CVE-2026-34109 (CVE-2026-34109)
CVE-2026-34106 OS Command Injection in CVE-2026-34106 (CVE-2026-34106)
CVE-2026-34107 OS Command Injection in CVE-2026-34107 (CVE-2026-34107)
CVE-2026-50043 OS Command Injection in jvn (CVE-2026-50043)
CVE-2026-56413 OS Command Injection in CVE-2026-56413 (CVE-2026-56413)
CVE-2026-56415 OS Command Injection in CVE-2026-56415 (CVE-2026-56415)
CVE-2026-56700 OS Command Injection in CVE-2026-56700 (CVE-2026-56700)
CVE-2026-27957 OS Command Injection in CVE-2026-27957 (CVE-2026-27957)
CVE-2026-27955 OS Command Injection in c (CVE-2026-27955)
CVE-2026-56808 OS Command Injection in jvn (CVE-2026-56808)
CVE-2026-56137 OS Command Injection in jvn (CVE-2026-56137)
CVE-2026-34597 OS Command Injection in CVE-2026-34597 (CVE-2026-34597)
CVE-2026-34594 OS Command Injection in CVE-2026-34594 (CVE-2026-34594)
CVE-2026-57999 OS Command Injection in CVE-2026-57999 (CVE-2026-57999)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →