Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 796

ID Title
CVE-2026-9408 Command Injection in CVE-2026-9408 (CVE-2026-9408)
CVE-2026-9406 Command Injection in CVE-2026-9406 (CVE-2026-9406)
CVE-2026-9404 Command Injection in CVE-2026-9404 (CVE-2026-9404)
CVE-2026-9387 Command Injection in CVE-2026-9387 (CVE-2026-9387)
CVE-2026-9388 Command Injection in CVE-2026-9388 (CVE-2026-9388)
CVE-2026-9385 Command Injection in CVE-2026-9385 (CVE-2026-9385)
CVE-2026-9386 Command Injection in CVE-2026-9386 (CVE-2026-9386)
CVE-2026-9384 Command Injection in CVE-2026-9384 (CVE-2026-9384)
CVE-2026-9367 Command Injection in CVE-2026-9367 (CVE-2026-9367)
CVE-2026-9343 Command Injection in CVE-2026-9343 (CVE-2026-9343)
CVE-2026-9347 Command Injection in CVE-2026-9347 (CVE-2026-9347)
CVE-2026-8652 OS Command Injection in jvn (CVE-2026-8652)
CVE-2026-46716 OS Command Injection in github.com/nezhahq/nezha (CVE-2026-46716)
CVE-2026-46643 OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
CVE-2026-46618 Vulnerability in github.com/fission/fission (CVE-2026-46618)
CVE-2026-45255 OS Command Injection in freebsd (CVE-2026-45255)
CVE-2026-44076 OS Command Injection in CVE-2026-44076 (CVE-2026-44076)
CVE-2026-44072 OS Command Injection in CVE-2026-44072 (CVE-2026-44072)
CVE-2026-44055 OS Command Injection in CVE-2026-44055 (CVE-2026-44055)
CVE-2026-8632 Command Injection in hp (CVE-2026-8632)
CVE-2026-20206 OS Command Injection in cisco (CVE-2026-20206)
CVE-2026-34234 OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
CVE-2026-8603 OS Command Injection in scadabr (CVE-2026-8603)
CVE-2026-36828 OS Command Injection in CVE-2026-36828 (CVE-2026-36828)
CVE-2026-36827 OS Command Injection in CVE-2026-36827 (CVE-2026-36827)
CVE-2026-37281 OS Command Injection in express (CVE-2026-37281)
CVE-2026-27130 OS Command Injection in CVE-2026-27130 (CVE-2026-27130)
CVE-2026-45626 OS Command Injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626)
CVE-2026-8767 Command Injection in vercel (CVE-2026-8767)
CVE-2026-45578 OS Command Injection in WWBN/AVideo (CVE-2026-45578)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →