Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 660

ID Title
CVE-2024-56145 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
CVE-2025-4428 KEV [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)
CVE-2025-2421 Code Injection in felisify (CVE-2025-2421)
CVE-2025-45947 Code Injection in phpgurukul (CVE-2025-45947)
CVE-2025-1976 KEV [KEV] Code Injection in Broadcom brocade-fabric-os (CVE-2025-1976)
CVE-2025-1782 Code Injection in CVE-2025-1782 (CVE-2025-1782)
CVE-2025-25789 Code Injection in foxcms (CVE-2025-25789)
CVE-2025-23209 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2025-23209)
CVE-2025-22905 Code Injection in edimax (CVE-2025-22905)
CVE-2025-22906 Code Injection in edimax (CVE-2025-22906)
CVE-2024-42911 Code Injection in CVE-2024-42911 (CVE-2024-42911)
CVE-2024-54999 Code Injection in monicahq (CVE-2024-54999)
CVE-2024-54997 Code Injection in monicahq (CVE-2024-54997)
CVE-2024-54996 Cross-Site Scripting (XSS) in monicahq (CVE-2024-54996)
CVE-2024-54724 Code Injection in CVE-2024-54724 (CVE-2024-54724)
CVE-2024-50660 Code Injection in ipublishmedia (CVE-2024-50660)
CVE-2024-50658 Code Injection in ipublishmedia (CVE-2024-50658)
CVE-2024-37773 Code Injection in sunbirddcim (CVE-2024-37773)
CVE-2024-51367 Code Injection in CVE-2024-51367 (CVE-2024-51367)
CVE-2024-51330 Code Injection in ultimaker (CVE-2024-51330)
CVE-2024-50808 Code Injection in seacms (CVE-2024-50808)
CVE-2024-10035 Command Injection in privilege-escalation (CVE-2024-10035)
CVE-2024-9050 Code Injection in privilege-escalation (CVE-2024-9050)
CVE-2023-31493 Code Injection in zoneminder (CVE-2023-31493)
CVE-2024-45874 Code Injection in CVE-2024-45874 (CVE-2024-45874)
CVE-2024-45873 Code Injection in CVE-2024-45873 (CVE-2024-45873)
CVE-2024-45933 Code Injection in CVE-2024-45933 (CVE-2024-45933)
CVE-2024-7104 Code Injection in sfs (CVE-2024-7104)
CVE-2024-41623 Code Injection in d3dsecurity (CVE-2024-41623)
CVE-2024-40495 Code Injection in linksys (CVE-2024-40495)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →