Cwe 94

🧬 CWE Related 84

slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。

📌 Example

Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔗 Related links

MITRE CWE-94 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 86

ID	Title	Severity	Detected
CVE-2026-20045 KEV	[KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)	High	3 months ago
CVE-2009-0556 KEV	[KEV] Code Injection in Microsoft office (CVE-2009-0556)	High	4 months ago
CVE-2025-37164 KEV	[KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)	High	4 months ago
CVE-2025-6204 KEV	[KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204)	High	6 months ago
CVE-2025-49704 KEV	[KEV] Code Injection in Microsoft sharepoint (CVE-2025-49704)	High	9 months ago
CVE-2024-56145 KEV	[KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)	High	11 months ago
CVE-2025-4428 KEV	[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)	High	11 months ago
CVE-2025-1976 KEV	[KEV] Code Injection in Broadcom brocade-fabric-os (CVE-2025-1976)	High	1 year ago
CVE-2025-23209 KEV	[KEV] Code Injection in Craft cms craft-cms (CVE-2025-23209)	High	1 year ago
CVE-2022-24816 KEV	[KEV] Code Injection in Osgeo jai-ext (CVE-2022-24816)	High	1 year ago
CVE-2024-20359 KEV	[KEV] Code Injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359)	High	2 years ago
CVE-2023-24955 KEV	[KEV] Code Injection in Microsoft sharepoint-server (CVE-2023-24955)	High	2 years ago
CVE-2021-44529 KEV	[KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529)	High	2 years ago
CVE-2024-21351 KEV	[KEV] Code Injection in Microsoft windows (CVE-2024-21351)	High	2 years ago
CVE-2023-6548 KEV	[KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548)	High	2 years ago
CVE-2018-14667 KEV	[KEV] Code Injection in Red hat red-hat (CVE-2018-14667)	High	2 years ago
CVE-2023-33246 KEV	[KEV] Code Injection in Apache rocketmq (CVE-2023-33246)	High	2 years ago
CVE-2023-3519 KEV	[KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-3519)	High	2 years ago
CVE-2023-25717 KEV	[KEV] Code Injection in Ruckus wireless ruckus-wireless (CVE-2023-25717)	High	2 years ago
CVE-2023-29492 KEV	[KEV] Code Injection in Novi survey novi-survey (CVE-2023-29492)	High	3 years ago
CVE-2013-3163 KEV	[KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163)	High	3 years ago
CVE-2017-7494 KEV	[KEV] Code Injection in samba (CVE-2017-7494)	High	3 years ago
CVE-2021-39144 KEV	[KEV] Code Injection in xstream (CVE-2021-39144)	High	3 years ago
CVE-2022-41223 KEV	[KEV] Code Injection in Mitel mivoice-connect (CVE-2022-41223)	High	3 years ago
CVE-2022-3236 KEV	[KEV] Code Injection in Sophos firewall (CVE-2022-3236)	High	3 years ago
CVE-2022-22963 KEV	[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2022-22963)	High	3 years ago
CVE-2009-1862 KEV	[KEV] Code Injection in Adobe acrobat-and-reader (CVE-2009-1862)	High	3 years ago
CVE-2009-0557 KEV	[KEV] Code Injection in Microsoft office (CVE-2009-0557)	High	3 years ago
CVE-2014-4148 KEV	[KEV] Code Injection in Microsoft windows (CVE-2014-4148)	High	3 years ago
CVE-2022-22947 KEV	[KEV] Code Injection in Vmware spring-cloud-gateway (CVE-2022-22947)	High	3 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →