Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 796

ID Title
CVE-2017-11322 OS Command Injection in ucopia (CVE-2017-11322)
CVE-2017-11321 OS Command Injection in ucopia (CVE-2017-11321)
CVE-2017-14867 OS Command Injection in git-scm (CVE-2017-14867)
CVE-2017-14001 OS Command Injection in digium (CVE-2017-14001)
CVE-2017-14705 OS Command Injection in denyall (CVE-2017-14705)
CVE-2017-11395 OS Command Injection in trendmicro (CVE-2017-11395)
CVE-2015-3431 OS Command Injection in pydio (CVE-2015-3431)
CVE-2017-14500 OS Command Injection in cpp (CVE-2017-14500)
CVE-2017-9328 OS Command Injection in terra-master (CVE-2017-9328)
CVE-2017-10813 OS Command Injection in corega (CVE-2017-10813)
CVE-2017-14429 OS Command Injection in dlink (CVE-2017-14429)
CVE-2017-14405 OS Command Injection in eyesofnetwork (CVE-2017-14405)
CVE-2017-6796 OS Command Injection in cisco (CVE-2017-6796)
CVE-2017-13713 OS Command Injection in twsz (CVE-2017-13713)
CVE-2017-14135 OS Command Injection in dreambox (CVE-2017-14135)
CVE-2017-14127 OS Command Injection in technicolor (CVE-2017-14127)
CVE-2017-14118 OS Command Injection in eyesofnetwork (CVE-2017-14118)
CVE-2017-14119 OS Command Injection in eyesofnetwork (CVE-2017-14119)
CVE-2017-14100 OS Command Injection in digium (CVE-2017-14100)
CVE-2015-5958 phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
CVE-2017-10951 OS Command Injection in foxitsoftware (CVE-2017-10951)
CVE-2017-10832 OS Command Injection in nippon-antenna (CVE-2017-10832)
CVE-2016-0634 OS Command Injection in gnu (CVE-2016-0634)
CVE-2017-11366 OS Command Injection in codiad (CVE-2017-11366)
CVE-2017-10811 OS Command Injection in buffalo (CVE-2017-10811)
CVE-2017-6710 OS Command Injection in cisco (CVE-2017-6710)
CVE-2017-11150 OS Command Injection in synology (CVE-2017-11150)
CVE-2017-12581 OS Command Injection in electron (CVE-2017-12581)
CVE-2016-7844 OS Command Injection in gigaccsecure (CVE-2016-7844)
CVE-2017-2281 OS Command Injection in iodata (CVE-2017-2281)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →