Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-40456 OS Command Injection in CVE-2026-40456 (CVE-2026-40456)
CVE-2026-48997 OS Command Injection in c (CVE-2026-48997)
CVE-2026-20266 OS Command Injection in splunk (CVE-2026-20266)
CVE-2026-55743 OS Command Injection in CVE-2026-55743 (CVE-2026-55743)
CVE-2026-55748 OS Command Injection in horizon (CVE-2026-55748)
CVE-2026-53876 OS Command Injection in CVE-2026-53876 (CVE-2026-53876)
CVE-2026-11410 OS Command Injection in tp-link (CVE-2026-11410)
CVE-2026-11409 OS Command Injection in tp-link (CVE-2026-11409)
CVE-2026-49980 Vulnerability in github.com/rclone/rclone (CVE-2026-49980)
CVE-2026-22313 OS Command Injection in CVE-2026-22313 (CVE-2026-22313)
CVE-2026-49402 OS Command Injection in deno (CVE-2026-49402)
CVE-2026-44932 OS Command Injection in CVE-2026-44932 (CVE-2026-44932)
CVE-2026-12398 OS Command Injection in galaxy-ng (CVE-2026-12398)
CVE-2026-5416 OS Command Injection in CVE-2026-5416 (CVE-2026-5416)
CVE-2026-12161 OS Command Injection in devolutions (CVE-2026-12161)
CVE-2026-48723 OS Command Injection in CVE-2026-48723 (CVE-2026-48723)
CVE-2026-50874 OS Command Injection in CVE-2026-50874 (CVE-2026-50874)
CVE-2026-38063 OS Command Injection in CVE-2026-38063 (CVE-2026-38063)
CVE-2026-38064 OS Command Injection in CVE-2026-38064 (CVE-2026-38064)
CVE-2026-38065 OS Command Injection in CVE-2026-38065 (CVE-2026-38065)
CVE-2026-38062 OS Command Injection in CVE-2026-38062 (CVE-2026-38062)
CVE-2026-38060 OS Command Injection in CVE-2026-38060 (CVE-2026-38060)
CVE-2026-38061 OS Command Injection in CVE-2026-38061 (CVE-2026-38061)
CVE-2026-9862 OS Command Injection in CVE-2026-9862 (CVE-2026-9862)
CVE-2026-9863 OS Command Injection in CVE-2026-9863 (CVE-2026-9863)
CVE-2026-11527 Vulnerability in CVE-2026-11527 (CVE-2026-11527)
CVE-2026-11526 Vulnerability in CVE-2026-11526 (CVE-2026-11526)
CVE-2026-48163 OS Command Injection in mariadb (CVE-2026-48163)
CVE-2026-48165 OS Command Injection in mariadb (CVE-2026-48165)
CVE-2026-44168 OS Command Injection in mariadb (CVE-2026-44168)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →