Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 796

ID Title
CVE-2026-43990 Command Injection in c (CVE-2026-43990)
CVE-2026-31226 OS Command Injection in CVE-2026-31226 (CVE-2026-31226)
CVE-2026-8051 OS Command Injection in ivanti (CVE-2026-8051)
CVE-2026-45087 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087)
CVE-2026-42290 OS Command Injection in protobufjs-cli (CVE-2026-42290)
CVE-2026-35071 OS Command Injection in dell (CVE-2026-35071)
CVE-2025-40949 OS Command Injection in siemens (CVE-2025-40949)
CVE-2025-40947 OS Command Injection in siemens (CVE-2025-40947)
CVE-2026-7256 OS Command Injection in zyxel (CVE-2026-7256)
CVE-2026-45393 Reserved. Details will be published at disclosure.
CVE-2026-45391 Reserved. Details will be published at disclosure.
CVE-2026-30635 OS Command Injection in automagik-genie (CVE-2026-30635)
CVE-2026-25244 OS Command Injection in @wdio/browserstack-service (CVE-2026-25244)
CVE-2026-7816 OS Command Injection in pgadmin4 (CVE-2026-7816)
CVE-2026-31246 OS Command Injection in gpt-pilot (CVE-2026-31246)
CVE-2026-44346 OS Command Injection in bentoml (CVE-2026-44346)
CVE-2026-44345 OS Command Injection in bentoml (CVE-2026-44345)
CVE-2026-4802 OS Command Injection in CVE-2026-4802 (CVE-2026-4802)
CVE-2026-8273 Command Injection in dlink (CVE-2026-8273)
CVE-2026-8272 Command Injection in dlink (CVE-2026-8272)
CVE-2026-8271 Command Injection in dlink (CVE-2026-8271)
CVE-2026-8265 Command Injection in tenda (CVE-2026-8265)
CVE-2026-8264 Command Injection in tenda (CVE-2026-8264)
CVE-2026-8263 Command Injection in tenda (CVE-2026-8263)
CVE-2026-8259 Command Injection in tenda (CVE-2026-8259)
CVE-2026-8235 Command Injection in CVE-2026-8235 (CVE-2026-8235)
CVE-2026-8228 Command Injection in wavlink (CVE-2026-8228)
CVE-2026-8227 Command Injection in wavlink (CVE-2026-8227)
CVE-2026-8229 Command Injection in wavlink (CVE-2026-8229)
CVE-2026-8230 Command Injection in wavlink (CVE-2026-8230)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →