Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-44465 OS Command Injection in zed (CVE-2026-44465)
CVE-2026-44463 OS Command Injection in zed (CVE-2026-44463)
CVE-2026-44461 OS Command Injection in zed (CVE-2026-44461)
CVE-2026-4408 OS Command Injection in redhat (CVE-2026-4408)
CVE-2026-44604 OS Command Injection in CVE-2026-44604 (CVE-2026-44604)
CVE-2026-45322 OS Command Injection in CVE-2026-45322 (CVE-2026-45322)
CVE-2026-9208 Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE-2026-44713 OS Command Injection in c (CVE-2026-44713)
CVE-2026-44712 OS Command Injection in CVE-2026-44712 (CVE-2026-44712)
CVE-2026-44709 OS Command Injection in CVE-2026-44709 (CVE-2026-44709)
CVE-2026-44590 OS Command Injection in CVE-2026-44590 (CVE-2026-44590)
CVE-2026-36044 OS Command Injection in CVE-2026-36044 (CVE-2026-36044)
CVE-2026-36045 OS Command Injection in github.com/sipeed/picoclaw (CVE-2026-36045)
CVE-2026-40852 OS Command Injection in CVE-2026-40852 (CVE-2026-40852)
CVE-2026-8450 Vulnerability in CVE-2026-8450 (CVE-2026-8450)
CVE-2026-9207 Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE-2026-44444 OS Command Injection in CVE-2026-44444 (CVE-2026-44444)
CVE-2026-9560 OS Command Injection in privilege-escalation (CVE-2026-9560)
CVE-2026-48694 Command Injection in pavel-odintsov (CVE-2026-48694)
CVE-2026-48695 OS Command Injection in pavel-odintsov (CVE-2026-48695)
CVE-2026-46624 OS Command Injection in sqli (CVE-2026-46624)
CVE-2026-9565 Command Injection in CVE-2026-9565 (CVE-2026-9565)
CVE-2026-44723 OS Command Injection in vowpalwabbit (CVE-2026-44723)
CVE-2026-48687 OS Command Injection in c (CVE-2026-48687)
CVE-2026-4480 OS Command Injection in redhat (CVE-2026-4480)
CVE-2026-9543 Command Injection in CVE-2026-9543 (CVE-2026-9543)
CVE-2026-9534 Command Injection in CVE-2026-9534 (CVE-2026-9534)
CVE-2026-9533 Command Injection in CVE-2026-9533 (CVE-2026-9533)
CVE-2026-9532 Command Injection in CVE-2026-9532 (CVE-2026-9532)
CVE-2026-9531 Command Injection in CVE-2026-9531 (CVE-2026-9531)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →