Cwe 94

🧬 CWE Related 84

slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。

📌 Example

Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔗 Related links

MITRE CWE-94 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 85

ID	Title	Severity	Detected
CVE-2022-22965 KEV	[KEV] Code Injection in Vmware spring-framework (CVE-2022-22965)	High	4 years ago
CVE-2018-1273 KEV	[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)	High	4 years ago
CVE-2014-6287 KEV	[KEV] Code Injection in Rejetto http-file-server-hfs (CVE-2014-6287)	High	4 years ago
CVE-2013-4810 KEV	[KEV] Code Injection in Hewlett packard (hp) hewlett-packard-hp (CVE-2013-4810)	High	4 years ago
CVE-2009-1151 KEV	[KEV] Code Injection in phpmyadmin (CVE-2009-1151)	High	4 years ago
CVE-2020-8218 KEV	[KEV] Code Injection in Pulse secure pulse-secure (CVE-2020-8218)	High	4 years ago
CVE-2013-1347 KEV	[KEV] Code Injection in Microsoft internet-explorer (CVE-2013-1347)	High	4 years ago
CVE-2012-1856 KEV	[KEV] Code Injection in Microsoft office (CVE-2012-1856)	High	4 years ago
CVE-2010-0188 KEV	[KEV] Code Injection in Adobe reader-and-acrobat (CVE-2010-0188)	High	4 years ago
CVE-2009-3129 KEV	[KEV] Code Injection in Microsoft excel (CVE-2009-3129)	High	4 years ago
CVE-2014-6352 KEV	[KEV] Code Injection in Microsoft windows (CVE-2014-6352)	High	4 years ago
CVE-2017-9841 KEV	[KEV] Code Injection in phpunit (CVE-2017-9841)	High	4 years ago
CVE-2013-3906 KEV	[KEV] Code Injection in Microsoft graphics-component (CVE-2013-3906)	High	4 years ago
CVE-2015-1635 KEV	[KEV] Code Injection in Microsoft httpsys (CVE-2015-1635)	High	4 years ago
CVE-2019-7609 KEV	[KEV] Code Injection in Elastic kibana (CVE-2019-7609)	High	4 years ago
CVE-2015-7450 KEV	[KEV] Code Injection in Ibm websphere-application-server-and-server-hypervisor-edition (CVE-2015-7450)	High	4 years ago
CVE-2019-0193 KEV	[KEV] Code Injection in Apache solr (CVE-2019-0193)	High	4 years ago
CVE-2021-22894 KEV	[KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22894)	High	4 years ago
CVE-2021-22900 KEV	[KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22900)	High	4 years ago
CVE-2020-8243 KEV	[KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2020-8243)	High	4 years ago
CVE-2020-8644 KEV	[KEV] Code Injection in playsms (CVE-2020-8644)	High	4 years ago
CVE-2012-0158 KEV	[KEV] Code Injection in Microsoft mscomctlocx (CVE-2012-0158)	High	4 years ago
CVE-2019-4716 KEV	[KEV] Code Injection in Ibm planning-analytics (CVE-2019-4716)	High	4 years ago
CVE-2019-9082 KEV	[KEV] Vulnerability in thinkphp (CVE-2019-9082)	High	4 years ago
CVE-2019-16759 KEV	[KEV] Code Injection in vbulletin (CVE-2019-16759)	High	4 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →