Cwe 78

🧬 CWE Related 120
slug: cwe-78

Explanation

CWE-78は「ユーザー入力をシェルコマンドの一部として使うとき、適切にエスケープせず、攻撃者がコマンドを追加実行できてしまう欠陥」のことです。 例えば `ping {ユーザー入力IP}` の {ユーザー入力IP} に `; rm -rf /` のような文字列を入れられると、サーバー上のファイルが削除されます。 対策は「シェル経由を避け、引数を配列として直接渡す (PHPなら escapeshellarg)」。
📌 Example
Shellshock (CVE-2014-6271): Bashの脆弱性で、Webサーバーへの普通のリクエスト経由で任意のシェルコマンドが実行できた歴史的な事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 790

ID Title
CVE-2026-8663 OS Command Injection in rapid7 (CVE-2026-8663)
CVE-2026-9773 OS Command Injection in unraid (CVE-2026-9773)
CVE-2026-40079 OS Command Injection in cacti (CVE-2026-40079)
CVE-2026-39938 Path Traversal in cacti (CVE-2026-39938)
CVE-2026-54699 OS Command Injection in CVE-2026-54699 (CVE-2026-54699)
CVE-2026-54686 OS Command Injection in CVE-2026-54686 (CVE-2026-54686)
CVE-2026-48732 OS Command Injection in CVE-2026-48732 (CVE-2026-48732)
CVE-2026-48731 OS Command Injection in CVE-2026-48731 (CVE-2026-48731)
CVE-2026-48719 OS Command Injection in CVE-2026-48719 (CVE-2026-48719)
CVE-2026-48703 OS Command Injection in CVE-2026-48703 (CVE-2026-48703)
CVE-2026-57282 OS Command Injection in jenkins (CVE-2026-57282)
CVE-2026-12537 Vulnerability in google (CVE-2026-12537)
CVE-2026-12851 OS Command Injection in CVE-2026-12851 (CVE-2026-12851)
CVE-2026-12850 OS Command Injection in CVE-2026-12850 (CVE-2026-12850)
CVE-2026-12486 OS Command Injection in CVE-2026-12486 (CVE-2026-12486)
CVE-2026-12849 OS Command Injection in CVE-2026-12849 (CVE-2026-12849)
CVE-2026-55249 OS Command Injection in c (CVE-2026-55249)
CVE-2026-55448 OS Command Injection in mise (CVE-2026-55448)
CVE-2026-55441 OS Command Injection in mise (CVE-2026-55441)
CVE-2026-35018 OS Command Injection in CVE-2026-35018 (CVE-2026-35018)
CVE-2026-56379 Vulnerability in imagemagick (CVE-2026-56379)
CVE-2026-56274 OS Command Injection in flowiseai (CVE-2026-56274)
CVE-2025-67038 KEV An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
CVE-2026-11834 OS Command Injection in CVE-2026-11834 (CVE-2026-11834)
CVE-2026-46606 OS Command Injection in glances (CVE-2026-46606)
CVE-2026-12815 Command Injection in CVE-2026-12815 (CVE-2026-12815)
CVE-2026-12814 Command Injection in CVE-2026-12814 (CVE-2026-12814)
CVE-2026-48787 OS Command Injection in vue (CVE-2026-48787)
CVE-2026-49260 OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
CVE-2026-12104 OS Command Injection in CVE-2026-12104 (CVE-2026-12104)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →