Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 660

ID Title
CVE-2022-25578 Code Injection in taogogo (CVE-2022-25578)
CVE-2022-24512 Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)
CVE-2020-8218 KEV [KEV] Code Injection in Pulse secure pulse-secure (CVE-2020-8218)
CVE-2013-1347 KEV [KEV] Code Injection in Microsoft internet-explorer (CVE-2013-1347)
CVE-2012-1856 KEV [KEV] Code Injection in Microsoft office (CVE-2012-1856)
CVE-2010-0188 KEV [KEV] Code Injection in Adobe reader-and-acrobat (CVE-2010-0188)
CVE-2009-3129 KEV [KEV] Code Injection in Microsoft excel (CVE-2009-3129)
CVE-2022-25018 Code Injection in pluxml (CVE-2022-25018)
CVE-2014-6352 KEV [KEV] Code Injection in Microsoft windows (CVE-2014-6352)
CVE-2017-9841 KEV [KEV] Code Injection in phpunit (CVE-2017-9841)
CVE-2013-3906 KEV [KEV] Code Injection in Microsoft graphics-component (CVE-2013-3906)
CVE-2015-1635 KEV [KEV] Code Injection in Microsoft httpsys (CVE-2015-1635)
CVE-2021-46117 Code Injection in jpress (CVE-2021-46117)
CVE-2021-46114 Code Injection in jpress (CVE-2021-46114)
CVE-2021-46118 Code Injection in jpress (CVE-2021-46118)
CVE-2021-45806 Command Injection in jpress (CVE-2021-45806)
CVE-2015-7450 KEV [KEV] Code Injection in Ibm websphere-application-server-and-server-hypervisor-edition (CVE-2015-7450)
CVE-2019-7609 KEV [KEV] Code Injection in Elastic kibana (CVE-2019-7609)
CVE-2019-0193 KEV [KEV] Code Injection in Apache solr (CVE-2019-0193)
CVE-2021-42296 Microsoft Word Remote Code Execution Vulnerability
CVE-2019-4716 KEV [KEV] Code Injection in Ibm planning-analytics (CVE-2019-4716)
CVE-2012-0158 KEV [KEV] Code Injection in Microsoft mscomctlocx (CVE-2012-0158)
CVE-2020-8644 KEV [KEV] Code Injection in playsms (CVE-2020-8644)
CVE-2020-8243 KEV [KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2020-8243)
CVE-2021-22900 KEV [KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22900)
CVE-2021-22894 KEV [KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22894)
CVE-2019-9082 KEV [KEV] Vulnerability in thinkphp (CVE-2019-9082)
CVE-2019-16759 KEV [KEV] Code Injection in vbulletin (CVE-2019-16759)
CVE-2021-25877 Code Injection in youphptube (CVE-2021-25877)
CVE-2017-14853 The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attac...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →