Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 796

ID Title
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
CVE-2025-65882 OS Command Injection in c (CVE-2025-65882)
CVE-2025-53679 OS Command Injection in fortinet (CVE-2025-53679)
CVE-2025-66644 KEV [KEV] OS Command Injection in Array networks array-networks (CVE-2025-66644)
CVE-2025-66572 OS Command Injection in CVE-2025-66572 (CVE-2025-66572)
CVE-2025-29269 OS Command Injection in allnet (CVE-2025-29269)
CVE-2025-58034 KEV [KEV] OS Command Injection in Fortinet fortiweb (CVE-2025-58034)
CVE-2025-10230 OS Command Injection in CVE-2025-10230 (CVE-2025-10230)
CVE-2025-48703 KEV [KEV] OS Command Injection in Cwp control-web-panel (CVE-2025-48703)
CVE-2025-57457 OS Command Injection in CVE-2025-57457 (CVE-2025-57457)
CVE-2025-60962 OS Command Injection in endruntechnologies (CVE-2025-60962)
CVE-2025-60963 OS Command Injection in dos (CVE-2025-60963)
CVE-2025-60964 OS Command Injection in dos (CVE-2025-60964)
CVE-2025-60965 OS Command Injection in dos (CVE-2025-60965)
CVE-2025-60957 OS Command Injection in dos (CVE-2025-60957)
CVE-2025-60959 OS Command Injection in endruntechnologies (CVE-2025-60959)
CVE-2025-60960 OS Command Injection in dos (CVE-2025-60960)
CVE-2025-60787 Vulnerability in motioneye-project (CVE-2025-60787)
CVE-2014-6278 KEV [KEV] OS Command Injection in gnu (CVE-2014-6278)
CVE-2025-9588 OS Command Injection in ironmountain (CVE-2025-9588)
CVE-2025-34186 OS Command Injection in ilevia (CVE-2025-34186)
CVE-2025-9377 KEV [KEV] OS Command Injection in Tp-link multiple-routers (CVE-2025-9377)
CVE-2024-46484 OS Command Injection in trendnet (CVE-2024-46484)
CVE-2025-54948 KEV [KEV] OS Command Injection in Trend micro trend-micro (CVE-2025-54948)
CVE-2025-51390 OS Command Injection in totolink (CVE-2025-51390)
CVE-2013-10050 OS Command Injection in dlink (CVE-2013-10050)
CVE-2025-29534 OS Command Injection in CVE-2025-29534 (CVE-2025-29534)
CVE-2025-5243 OS Command Injection in CVE-2025-5243 (CVE-2025-5243)
CVE-2023-39780 KEV [KEV] OS Command Injection in Asus rt-ax55-routers (CVE-2023-39780)
CVE-2024-12987 KEV [KEV] OS Command Injection in Draytek vigor-routers (CVE-2024-12987)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →