Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 796

ID Title
CVE-2017-11381 OS Command Injection in trendmicro (CVE-2017-11381)
CVE-2017-9483 OS Command Injection in cisco (CVE-2017-9483)
CVE-2017-11566 AppUse 4.0 allows shell command injection via a proxy field.
CVE-2015-2279 OS Command Injection in airlive (CVE-2015-2279)
CVE-2015-2280 snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands vi...
CVE-2017-11588 OS Command Injection in cisco (CVE-2017-11588)
CVE-2017-2275 OS Command Injection in sony (CVE-2017-2275)
CVE-2017-6320 OS Command Injection in barracuda (CVE-2017-6320)
CVE-2017-1318 OS Command Injection in ibm (CVE-2017-1318)
CVE-2017-11318 OS Command Injection in cobiansoft (CVE-2017-11318)
CVE-2017-1000009 OS Command Injection in akeneo (CVE-2017-1000009)
CVE-2017-4053 OS Command Injection in mcafee (CVE-2017-4053)
CVE-2017-7175 OS Command Injection in nfsen (CVE-2017-7175)
CVE-2017-2237 OS Command Injection in toshiba (CVE-2017-2237)
CVE-2017-2183 OS Command Injection in kddi (CVE-2017-2183)
CVE-2017-2185 OS Command Injection in kddi (CVE-2017-2185)
CVE-2017-6707 OS Command Injection in cisco (CVE-2017-6707)
CVE-2017-6712 OS Command Injection in tomcat (CVE-2017-6712)
CVE-2017-6714 OS Command Injection in cisco (CVE-2017-6714)
CVE-2017-1253 OS Command Injection in ibm (CVE-2017-1253)
CVE-2017-8116 OS Command Injection in teltonika (CVE-2017-8116)
CVE-2017-2844 OS Command Injection in foscam (CVE-2017-2844)
CVE-2017-2845 OS Command Injection in foscam (CVE-2017-2845)
CVE-2017-2846 OS Command Injection in foscam (CVE-2017-2846)
CVE-2017-2847 OS Command Injection in foscam (CVE-2017-2847)
CVE-2017-2848 OS Command Injection in foscam (CVE-2017-2848)
CVE-2017-2849 OS Command Injection in foscam (CVE-2017-2849)
CVE-2017-2850 OS Command Injection in foscam (CVE-2017-2850)
CVE-2017-2841 OS Command Injection in foscam (CVE-2017-2841)
CVE-2017-2842 OS Command Injection in foscam (CVE-2017-2842)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →