Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 658

ID Title
CVE-2024-37821 Code Injection in dolibarr (CVE-2024-37821)
CVE-2024-20359 KEV [KEV] Code Injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359)
CVE-2024-28699 Code Injection in CVE-2024-28699 (CVE-2024-28699)
CVE-2024-29477 Code Injection in dolibarr (CVE-2024-29477)
CVE-2023-24955 KEV [KEV] Code Injection in Microsoft sharepoint-server (CVE-2023-24955)
CVE-2024-28386 Code Injection in home-made (CVE-2024-28386)
CVE-2021-44529 KEV [KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529)
CVE-2024-24520 Code Injection in lepton-cms (CVE-2024-24520)
CVE-2024-21351 KEV [KEV] Code Injection in Microsoft windows (CVE-2024-21351)
CVE-2024-24396 Cross-Site Scripting (XSS) in stimulsoft (CVE-2024-24396)
CVE-2024-22899 Code Injection in vinchin (CVE-2024-22899)
CVE-2023-36177 Code Injection in badaix (CVE-2023-36177)
CVE-2023-6548 KEV [KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548)
CVE-2023-46987 Code Injection in seacms (CVE-2023-46987)
CVE-2023-48192 Code Injection in totolink (CVE-2023-48192)
CVE-2023-46958 Code Injection in lmxcms (CVE-2023-46958)
CVE-2023-46010 Code Injection in seacms (CVE-2023-46010)
CVE-2023-41450 Code Injection in phpkobo (CVE-2023-41450)
CVE-2018-14667 KEV [KEV] Code Injection in Red hat red-hat (CVE-2018-14667)
CVE-2023-43234 Code Injection in dedebiz (CVE-2023-43234)
CVE-2023-33246 KEV [KEV] Code Injection in Apache rocketmq (CVE-2023-33246)
CVE-2023-33469 Code Injection in kramerav (CVE-2023-33469)
CVE-2023-36095 Code Injection in langchain (CVE-2023-36095)
CVE-2023-36255 Code Injection in eramba (CVE-2023-36255)
CVE-2023-34842 Code Injection in dedecms (CVE-2023-34842)
CVE-2023-3519 KEV [KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-3519)
CVE-2022-47879 Code Injection in jedox (CVE-2022-47879)
CVE-2023-25717 KEV [KEV] Code Injection in Ruckus wireless ruckus-wireless (CVE-2023-25717)
CVE-2023-30404 Code Injection in aigital (CVE-2023-30404)
CVE-2023-29492 KEV [KEV] Code Injection in Novi survey novi-survey (CVE-2023-29492)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →