Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2017-6682 OS Command Injection in tomcat (CVE-2017-6682)
CVE-2017-6683 OS Command Injection in tomcat (CVE-2017-6683)
CVE-2016-7806 OS Command Injection in iodata (CVE-2016-7806)
CVE-2016-7819 OS Command Injection in iodata (CVE-2016-7819)
CVE-2017-2824 OS Command Injection in zabbix (CVE-2017-2824)
CVE-2017-5173 OS Command Injection in geutebrueck (CVE-2017-5173)
CVE-2017-8799 OS Command Injection in irods (CVE-2017-8799)
CVE-2017-8768 OS Command Injection in atlassian (CVE-2017-8768)
CVE-2017-7981 OS Command Injection in c (CVE-2017-7981)
CVE-2017-2152 OS Command Injection in buffalo-inc (CVE-2017-2152)
CVE-2017-2112 OS Command Injection in iodata (CVE-2017-2112)
CVE-2017-2128 OS Command Injection in information-technology-promotion-agency (CVE-2017-2128)
CVE-2017-2141 OS Command Injection in iodata (CVE-2017-2141)
CVE-2017-2096 OS Command Injection in smalruby (CVE-2017-2096)
CVE-2017-8220 OS Command Injection in tp-link (CVE-2017-8220)
CVE-2017-8051 OS Command Injection in tenable (CVE-2017-8051)
CVE-2016-8721 OS Command Injection in moxa (CVE-2016-8721)
CVE-2017-7690 OS Command Injection in proxifier (CVE-2017-7690)
CVE-2016-5313 OS Command Injection in symantec (CVE-2016-5313)
CVE-2017-6597 OS Command Injection in cisco (CVE-2017-6597)
CVE-2017-6600 OS Command Injection in cisco (CVE-2017-6600)
CVE-2017-6601 OS Command Injection in cisco (CVE-2017-6601)
CVE-2017-6602 OS Command Injection in cisco (CVE-2017-6602)
CVE-2017-6606 OS Command Injection in cisco (CVE-2017-6606)
CVE-2016-10320 OS Command Injection in textract-project (CVE-2016-10320)
CVE-2016-9091 OS Command Injection in bluecoat (CVE-2016-9091)
CVE-2017-7413 OS Command Injection in horde (CVE-2017-7413)
CVE-2017-7414 OS Command Injection in horde (CVE-2017-7414)
CVE-2017-6182 OS Command Injection in sophos (CVE-2017-6182)
CVE-2017-5330 OS Command Injection in fedoraproject (CVE-2017-5330)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →