Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 657

ID Title
CVE-2017-10835 Code Injection in nippon-antenna (CVE-2017-10835)
CVE-2017-6782 Code Injection in cisco (CVE-2017-6782)
CVE-2011-0469 Code Injection in suse (CVE-2011-0469)
CVE-2017-1469 Code Injection in ibm (CVE-2017-1469)
CVE-2017-3753 Code Injection in lenovo (CVE-2017-3753)
CVE-2017-11760 Code Injection in projeqtor (CVE-2017-11760)
CVE-2017-11715 Code Injection in metinfo-project (CVE-2017-11715)
CVE-2017-11675 Code Injection in c (CVE-2017-11675)
CVE-2017-11459 Code Injection in sap (CVE-2017-11459)
CVE-2017-11585 Code Injection in finecms (CVE-2017-11585)
CVE-2015-3638 phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to s...
CVE-2015-3640 Code Injection in phpmybackuppro (CVE-2015-3640)
CVE-2017-11421 Code Injection in gnome-exe-thumbnailer-project (CVE-2017-11421)
CVE-2015-0249 Code Injection in apache (CVE-2015-0249)
CVE-2017-11167 Code Injection in finecms-project (CVE-2017-11167)
CVE-2017-10968 Code Injection in finecms-project (CVE-2017-10968)
CVE-2017-6325 Code Injection in symantec (CVE-2017-6325)
CVE-2017-9807 Code Injection in openwebif-project (CVE-2017-9807)
CVE-2017-9774 Code Injection in horde (CVE-2017-9774)
CVE-2017-9771 Code Injection in websitebaker (CVE-2017-9771)
CVE-2015-2252 Code Injection in huawei (CVE-2015-2252)
CVE-2017-9442 Code Injection in bigtreecms (CVE-2017-9442)
CVE-2015-6531 Code Injection in paloaltonetworks (CVE-2015-6531)
CVE-2017-8402 Code Injection in pivotx (CVE-2017-8402)
CVE-2017-8912 Code Injection in cmsmadesimple (CVE-2017-8912)
CVE-2017-7911 Vulnerability in cybervision (CVE-2017-7911)
CVE-2017-8284 Code Injection in c (CVE-2017-8284)
CVE-2016-4895 Code Injection in setucocms-project (CVE-2016-4895)
CVE-2017-7694 Code Injection in getsymphony (CVE-2017-7694)
CVE-2017-7691 Code Injection in sap (CVE-2017-7691)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →