Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-11556 Command Injection in CVE-2026-11556 (CVE-2026-11556)
CVE-2026-25855 OS Command Injection in CVE-2026-25855 (CVE-2026-25855)
CVE-2026-11408 Command Injection in CVE-2026-11408 (CVE-2026-11408)
CVE-2026-45777 OS Command Injection in buffalo (CVE-2026-45777)
CVE-2026-25620 OS Command Injection in arista (CVE-2026-25620)
CVE-2026-25621 OS Command Injection in arista (CVE-2026-25621)
CVE-2026-25622 OS Command Injection in arista (CVE-2026-25622)
CVE-2026-25623 OS Command Injection in arista (CVE-2026-25623)
CVE-2026-46394 OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
CVE-2026-46399 Vulnerability in CVE-2026-46399 (CVE-2026-46399)
CVE-2026-49492 OS Command Injection in CVE-2026-49492 (CVE-2026-49492)
CVE-2026-45750 OS Command Injection in termix (CVE-2026-45750)
CVE-2026-45748 OS Command Injection in termix (CVE-2026-45748)
CVE-2026-45744 OS Command Injection in termix (CVE-2026-45744)
CVE-2026-11341 Command Injection in CVE-2026-11341 (CVE-2026-11341)
CVE-2026-50265 OS Command Injection in CVE-2026-50265 (CVE-2026-50265)
CVE-2026-21837 OS Command Injection in hcltech (CVE-2026-21837)
CVE-2026-10873 Command Injection in CVE-2026-10873 (CVE-2026-10873)
CVE-2026-10872 Command Injection in CVE-2026-10872 (CVE-2026-10872)
CVE-2026-10871 Command Injection in CVE-2026-10871 (CVE-2026-10871)
CVE-2026-10870 Command Injection in CVE-2026-10870 (CVE-2026-10870)
CVE-2025-69755 OS Command Injection in CVE-2025-69755 (CVE-2025-69755)
CVE-2026-10796 OS Command Injection in openjsf (CVE-2026-10796)
CVE-2025-67447 OS Command Injection in CVE-2025-67447 (CVE-2025-67447)
CVE-2026-35906 OS Command Injection in CVE-2026-35906 (CVE-2026-35906)
CVE-2026-45431 OS Command Injection in CVE-2026-45431 (CVE-2026-45431)
CVE-2026-3820 OS Command Injection in CVE-2026-3820 (CVE-2026-3820)
CVE-2026-50206 OS Command Injection in acer (CVE-2026-50206)
CVE-2026-49190 OS Command Injection in acer (CVE-2026-49190)
CVE-2026-10805 OS Command Injection in privilege-escalation (CVE-2026-10805)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →