Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 796

ID Title
CVE-2026-45036 OS Command Injection in tabby (CVE-2026-45036)
CVE-2026-45035 OS Command Injection in tabby (CVE-2026-45035)
CVE-2026-46483 OS Command Injection in vim (CVE-2026-46483)
CVE-2026-41553 OS Command Injection in dhtmlx (CVE-2026-41553)
CVE-2026-8654 OS Command Injection in CVE-2026-8654 (CVE-2026-8654)
CVE-2026-44666 OS Command Injection in CVE-2026-44666 (CVE-2026-44666)
CVE-2026-45369 OS Command Injection in utcp-cli (CVE-2026-45369)
CVE-2026-41315 OS Command Injection in midoks (CVE-2026-41315)
CVE-2026-42589 OS Command Injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589)
CVE-2026-42853 OS Command Injection in @apostrophecms/cli (CVE-2026-42853)
CVE-2026-26191 OS Command Injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191)
CVE-2026-8500 OS Command Injection in CVE-2026-8500 (CVE-2026-8500)
CVE-2026-44194 OS Command Injection in opnsense (CVE-2026-44194)
CVE-2026-0261 OS Command Injection in CVE-2026-0261 (CVE-2026-0261)
CVE-2026-6281 OS Command Injection in CVE-2026-6281 (CVE-2026-6281)
CVE-2026-42924 OS Command Injection in privilege-escalation (CVE-2026-42924)
CVE-2026-34176 OS Command Injection in f5 (CVE-2026-34176)
CVE-2026-45152 OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
CVE-2026-45136 OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
CVE-2026-44724 OS Command Injection in systeminformation (CVE-2026-44724)
CVE-2026-42062 OS Command Injection in CVE-2026-42062 (CVE-2026-42062)
CVE-2026-35506 OS Command Injection in CVE-2026-35506 (CVE-2026-35506)
CVE-2026-43685 OS Command Injection in claris (CVE-2026-43685)
CVE-2026-44258 OS Command Injection in path-traversal (CVE-2026-44258)
CVE-2026-23820 OS Command Injection in CVE-2026-23820 (CVE-2026-23820)
CVE-2026-23821 OS Command Injection in CVE-2026-23821 (CVE-2026-23821)
CVE-2025-53680 OS Command Injection in fortinet (CVE-2025-53680)
CVE-2025-53870 OS Command Injection in fortinet (CVE-2025-53870)
CVE-2026-41613 OS Command Injection in microsoft (CVE-2026-41613)
CVE-2026-43991 OS Command Injection in CVE-2026-43991 (CVE-2026-43991)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →