Cwe 94

🧬 CWE Related 84
slug: cwe-94

Explanation

CWE-94は「攻撃者が送ったデータが、プログラムコードとして解釈・実行されてしまう」欠陥です。 Pythonの `eval()`・PHPの `eval()`/`include()` にユーザー入力を渡すような実装が典型例です。 リモートコード実行 (RCE) の直接的な原因となるため、最も重大なクラスの脆弱性です。
📌 Example
Log4Shell (CVE-2021-44228) はLog4jのJNDI Lookupを悪用したコードインジェクションで、世界中のJavaサーバーが数日でハッキングされた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 658

ID Title
CVE-2013-3163 KEV [KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163)
CVE-2017-7494 KEV [KEV] Code Injection in samba (CVE-2017-7494)
CVE-2023-25261 Code Injection in stimulsoft (CVE-2023-25261)
CVE-2021-39144 KEV [KEV] Code Injection in xstream (CVE-2021-39144)
CVE-2022-45553 Code Injection in zbt (CVE-2022-45553)
CVE-2022-41223 KEV [KEV] Code Injection in Mitel mivoice-connect (CVE-2022-41223)
CVE-2022-44702 Windows Terminal Remote Code Execution Vulnerability
CVE-2022-44087 Code Injection in ecisp (CVE-2022-44087)
CVE-2022-44088 Code Injection in ecisp (CVE-2022-44088)
CVE-2022-44089 Code Injection in ecisp (CVE-2022-44089)
CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability
CVE-2022-3236 KEV [KEV] Code Injection in Sophos firewall (CVE-2022-3236)
CVE-2022-37053 TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.
CVE-2022-22963 KEV [KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2022-22963)
CVE-2022-36262 Code Injection in taogogo (CVE-2022-36262)
CVE-2009-1862 KEV [KEV] Code Injection in Adobe acrobat-and-reader (CVE-2009-1862)
CVE-2009-0557 KEV [KEV] Code Injection in Microsoft office (CVE-2009-0557)
CVE-2014-4148 KEV [KEV] Code Injection in Microsoft windows (CVE-2014-4148)
CVE-2021-41653 Code Injection in tp-link (CVE-2021-41653)
CVE-2020-17091 Microsoft Teams Remote Code Execution Vulnerability
CVE-2022-22947 KEV [KEV] Code Injection in Vmware spring-cloud-gateway (CVE-2022-22947)
CVE-2022-22954 KEV [KEV] Code Injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954)
CVE-2021-40219 Code Injection in bolt (CVE-2021-40219)
CVE-2022-22965 KEV [KEV] Code Injection in Vmware spring-framework (CVE-2022-22965)
CVE-2018-1273 KEV [KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
CVE-2014-6287 KEV [KEV] Code Injection in Rejetto http-file-server-hfs (CVE-2014-6287)
CVE-2013-4810 KEV [KEV] Code Injection in Hewlett packard (hp) hewlett-packard-hp (CVE-2013-4810)
CVE-2009-1151 KEV [KEV] Code Injection in phpmyadmin (CVE-2009-1151)
CVE-2022-25578 Code Injection in taogogo (CVE-2022-25578)
CVE-2022-24512 Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →