Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-57999 OS Command Injection in CVE-2026-57999 (CVE-2026-57999)
CVE-2026-13581 Command Injection in CVE-2026-13581 (CVE-2026-13581)
CVE-2026-55607 Path Traversal in anthropic (CVE-2026-55607)
CVE-2026-13561 Command Injection in CVE-2026-13561 (CVE-2026-13561)
CVE-2026-13560 Command Injection in CVE-2026-13560 (CVE-2026-13560)
CVE-2026-13545 Command Injection in dlink (CVE-2026-13545)
CVE-2026-55697 OS Command Injection in pnpm (CVE-2026-55697)
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
CVE-2026-32833 OS Command Injection in CVE-2026-32833 (CVE-2026-32833)
CVE-2026-48800 OS Command Injection in cpp (CVE-2026-48800)
CVE-2026-48778 OS Command Injection in cpp (CVE-2026-48778)
CVE-2026-54636 OS Command Injection in dokku (CVE-2026-54636)
CVE-2026-45408 OS Command Injection in dokku (CVE-2026-45408)
CVE-2026-40711 OS Command Injection in CVE-2026-40711 (CVE-2026-40711)
CVE-2026-55975 OS Command Injection in cisa (CVE-2026-55975)
CVE-2025-71336 OS Command Injection in flowiseai (CVE-2025-71336)
CVE-2026-54088 OS Command Injection in CVE-2026-54088 (CVE-2026-54088)
CVE-2026-9717 OS Command Injection in schneider-electric (CVE-2026-9717)
CVE-2026-55895 OS Command Injection in vim (CVE-2026-55895)
CVE-2026-46735 OS Command Injection in CVE-2026-46735 (CVE-2026-46735)
CVE-2026-8660 OS Command Injection in rapid7 (CVE-2026-8660)
CVE-2026-8664 OS Command Injection in rapid7 (CVE-2026-8664)
CVE-2026-8665 OS Command Injection in rapid7 (CVE-2026-8665)
CVE-2026-8666 OS Command Injection in rapid7 (CVE-2026-8666)
CVE-2026-8658 OS Command Injection in rapid7 (CVE-2026-8658)
CVE-2026-8592 OS Command Injection in rapid7 (CVE-2026-8592)
CVE-2026-9155 OS Command Injection in gnu (CVE-2026-9155)
CVE-2026-9787 OS Command Injection in quest (CVE-2026-9787)
CVE-2026-8663 OS Command Injection in rapid7 (CVE-2026-8663)
CVE-2026-9773 OS Command Injection in unraid (CVE-2026-9773)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →