CWE 78: OS Command Injection flaws occur if your application executes a native command when the name of, path of, or arguments to the command contain untrusted data
CWE (Common Weakness Enumeration) 78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Among these, OS command injection, insufficient randomness, and improper handling of exceptional conditions were the most frequent.
CWE-78: OS Command Injection. OS command injection is where an attacker injects malicious system commands into user-supplied input in order to perform unauthorized operations on the operating system, such as executing arbitrary commands or reading sensitive information. To prevent OS command injection, developers should strictly validate and filter user input and use safe APIs to execute system commands. CWE-611: XML External Entity attack (XML External...
Veracode Static Analysis will report CWE 78 Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) if it can detect that there are strings from outside of the application (HTTP Request, File, Database, webservice, etc.) being us...
[11] CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') [12] CWE-787 Out-of-bounds Write [13] CWE-287 Improper Authentication [14] CWE-476 NULL Pointer Dereference [15] CWE-732 Incorrect Permission Assignment for Critical Resource ...
OS command injection attacks are exploited by using shell metacharacters to escape, or break out of, the hardcoded command and issue additional commands on the system. This particular issue was identified due to a weakness in older versions of the bash shell. Please see http://web.nv...
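The following is an added example, not code from any of the sources quoted above, showing the breakout described here and the two defenses recommended earlier (input validation and a safe API). It wraps a hypothetical "ping this host" feature; `echo` stands in for `ping` so it runs anywhere, and the hostname pattern and function names are assumptions for illustration.

```python
import re
import shlex
import subprocess

# Constructed input: a "hostname" carrying a shell metacharacter (';') followed
# by a second command, as an attacker would supply it in an HTTP parameter.
ATTACK_HOST = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """CWE-78: untrusted data is concatenated into a command string that is
    handed to /bin/sh. The ';' terminates the intended command and the rest
    of the input runs as a separate command."""
    proc = subprocess.run("echo pinging " + host, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def lookup_quoted(host: str) -> str:
    """Mitigation when a shell is unavoidable: shlex.quote() wraps the value in
    single quotes so every metacharacter is passed to echo as literal text."""
    proc = subprocess.run("echo pinging " + shlex.quote(host), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


# Allowlist for a DNS hostname: letters, digits, '.', '-'; must start with an
# alphanumeric so a value such as "-n" cannot be parsed as an option by the
# target program (argument injection survives the no-shell fix below).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def lookup_safe(host: str) -> str:
    """Preferred fix: validate against an allowlist, then pass an argv list
    with shell=False so no shell ever parses the value."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"invalid hostname: {host!r}")
    proc = subprocess.run(["echo", "pinging", host], shell=False,
                          capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(lookup_vulnerable(ATTACK_HOST)))  # second command ran
    print("quoted:    ", repr(lookup_quoted(ATTACK_HOST)))      # literal text only
    try:
        lookup_safe(ATTACK_HOST)
    except ValueError as exc:
        print("safe:       rejected ->", exc)
```

Running it shows the vulnerable wrapper printing `INJECTED` on its own line (the injected `echo` executed), the quoted wrapper printing the whole attacker string as one literal argument, and the allowlist wrapper rejecting the input before any process is started. Note that `shell=False` alone is not sufficient: a value like `-n` would still reach the program as an option, which is why the allowlist also forbids a leading dash.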
5. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 78 6. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 89 7. Use After Free 416 8. Improper Limitation of a Pathname to a Restricted Directory ('Path Trave...
CWE-78- improperly neutralizing special elements in operating system commands (OS command injection). Severity score: 17.53. CWE-416- using after free. Severity score: 15.50. CWE-22- improperly limiting pathnames to restricted directories (path traversal). Severity score: 14.08. ...
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection'): from 31 to 25. 2.2.2. Top 5 fastest-falling weaknesses: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor: from 7 to 20 ...