CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection): vulnerability list (106)

A summary of the 106 CVE vulnerabilities belonging to the CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) weakness class, with AI-generated Chinese analysis.

CWE-95 is a code-injection weakness: the program receives input from an upstream source and, without properly neutralizing code syntax, passes it directly to a dynamic execution call such as eval. An attacker typically crafts malicious input so that the program executes arbitrary code, gaining control of the system or stealing data. Developers should avoid dynamic execution functions altogether; where they cannot be avoided, input must be validated against a strict allowlist or have its special characters escaped, so that only the expected, safe code fragments can ever be executed and the injection risk is cut off at its source.

MITRE CWE official description
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Description: the product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Common consequences (5)
Scope: Confidentiality. Impact: Read Files or Directories, Read Application Data.
The injected code could access restricted data / files.
Scope: Access Control. Impact: Bypass Protection Mechanism.
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
Injected code can access resources that the attacker is directly prevented from accessing.
Scope: Integrity, Confidentiality, Availability, Other. Impact: Execute Unauthorized Code or Commands.
Code injection attacks can lead to loss of data integrity in nearly all cases, as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code, or at least modify what code can be executed.
Scope: Non-Repudiation. Impact: Hide Activities.
Often the actions performed by injected control code are unlogged.
Mitigations (4)
Phase: Architecture and Design, Implementation. If possible, refactor your code so that it does not need to use eval() at all.
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Phase: Implementation. Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalizat…
Phase: Implementation. For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the Python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
Effectiveness: Discouraged Common Practice
Code examples (2)
edit-config.pl: This CGI script is used to modify settings in a configuration file.
Bad · Perl

```perl
use CGI qw(:standard);

sub config_file_add_key {
  my ($fname, $key, $arg) = @_;
  # code to add a field/key to a file goes here
}

sub config_file_set_key {
  my ($fname, $key, $arg) = @_;
  # code to set key to a particular file goes here
}

sub config_file_delete_key {
  my ($fname, $key, $arg) = @_;
  # code to delete key from a particular file goes here
}

sub handleConfigAction {
  my ($fname, $action) = @_;
  my $key = param('key');
  my $val = param('val');

  # this is super-efficient code, especially if you have to invoke
  # any one of dozens of different functions!
  my $code = "config_file_$action_key(\$fname, \$key, \$val);";
  eval($code);   # the request's action name is interpolated into code and executed
}
```

Attack (value supplied for the action parameter):
add_key(",","); system("/bin/ls");
This simple Python 3 script asks the user to supply a comma-separated list of numbers as input and adds them together.
Bad · Python

```python
def main():
    sum = 0
    try:
        # eval() executes whatever text the user typed as Python code
        numbers = eval(input("Enter a comma-separated list of numbers: "))
    except SyntaxError:
        print("Error: invalid input")
        return
    for num in numbers:
        sum = sum + num
    print(f"Sum of {numbers} = {sum}")

main()
```

Attack (input supplied at the prompt):
__import__('subprocess').getoutput('rm -r *')
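A hardened counterpart to the Python example above, added here and not part of MITRE's CWE-95 entry: it replaces eval() with an allowlist parser for comma-separated numbers and, for comparison, wraps ast.literal_eval() with the size bound and type check that the mitigation's caveat about nested structures calls for. The helper names and limits (parse_numbers, parse_with_literal_eval, safe_sum, MAX_INPUT_LEN, MAX_ITEMS) are assumptions, and the sample inputs are constructed.

```python
import ast
import re

# Constructed inputs: a legitimate list and the attack string from the
# CWE-95 Python example above (parsed here, never evaluated as code).
LEGIT_INPUT = "1, 2, 3.5"
ATTACK_INPUT = "__import__('subprocess').getoutput('rm -r *')"

MAX_INPUT_LEN = 256   # bound the work done before any parsing happens
MAX_ITEMS = 32
# Allowlist of numeric literals: optional sign, digits, optional fraction.
_NUMBER_RE = re.compile(r"^[+-]?(\d+(\.\d*)?|\.\d+)$")


def parse_numbers(text):
    """Allowlist parser: split on commas and accept only numeric literals."""
    if len(text) > MAX_INPUT_LEN:
        raise ValueError("input too long")
    items = [item.strip() for item in text.split(",")]
    if len(items) > MAX_ITEMS:
        raise ValueError("too many items")
    numbers = []
    for item in items:
        if not _NUMBER_RE.match(item):
            raise ValueError(f"not a number: {item!r}")
        numbers.append(float(item) if "." in item else int(item))
    return numbers


def parse_with_literal_eval(text):
    """ast.literal_eval() plus the checks its caveat calls for: a size bound
    before parsing and a type check after it (it accepts any literal)."""
    if len(text) > MAX_INPUT_LEN:
        raise ValueError("input too long")
    value = ast.literal_eval(text)  # raises ValueError on calls, names, imports
    if isinstance(value, (int, float)):
        value = (value,)            # a single "5" evaluates to a bare number
    if not isinstance(value, tuple) or not all(
        isinstance(v, (int, float)) and not isinstance(v, bool) for v in value
    ):
        raise ValueError("expected a comma-separated list of numbers")
    return list(value)


def safe_sum(text, parser=parse_numbers):
    """Returns (numbers, total), or None when the input is rejected."""
    try:
        numbers = parser(text)
    except (ValueError, SyntaxError, RecursionError, MemoryError):
        return None
    return numbers, sum(numbers)


if __name__ == "__main__":
    print(safe_sum(input("Enter a comma-separated list of numbers: ")))
```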
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-44128 | Apache HTTP Server 2.4.49 remote code execution vulnerability | Secure Email Gateway | - | - | 2026-05-08 |
| CVE-2026-42079 | PPTAgent arbitrary code execution via built-in functions in LLM-generated code | PPTAgent | 8.6 | High | 2026-05-04 |
| CVE-2026-6652 | Pagekit security vulnerability | CMS | 4.7 | Medium | 2026-04-20 |
| CVE-2026-33618 | Chamilo LMS security vulnerability | chamilo-lms | 8.8 | High | 2026-04-10 |
| CVE-2026-5971 | MetaGPT security vulnerability | MetaGPT | 7.3 | High | 2026-04-09 |
| CVE-2026-4837 | Rapid7 Insight Agent security vulnerability | Insight Agent | 6.6 | Medium | 2026-04-08 |
| CVE-2026-22666 | Dolibarr ERP/CRM security vulnerability | Dolibarr ERP/CRM | 7.2 | High | 2026-04-07 |
| CVE-2026-35002 | agno security vulnerability | Agno | 9.8 (AI) | Critical (AI) | 2026-04-02 |
| CVE-2026-4965 | Letta-ai letta security vulnerability | letta | 7.3 | High | 2026-03-27 |
| CVE-2026-4001 | WordPress plugin Woocommerce Custom Product Addons Pro security vulnerability | Woocommerce Custom Product Addons Pro | 9.8 | Critical | 2026-03-23 |
| CVE-2025-40943 | Siemens multiple products cross-site scripting vulnerability | SIMATIC Drive Controller CPU 1504D TF | 9.6 | Critical | 2026-03-10 |
| CVE-2026-29091 | Locutus security vulnerability | locutus | 8.1 | High | 2026-03-06 |
| CVE-2025-50187 | Chamilo security vulnerability | chamilo-lms | 9.8 | Critical | 2026-03-02 |
| CVE-2026-28370 | OpenStack Vitrage security vulnerability | Vitrage | 9.1 | Critical | 2026-02-27 |
| CVE-2025-15551 | TP-Link multiple products security vulnerability | Archer MR200 v5.2 | 8.1 (AI) | High (AI) | 2026-02-05 |
| CVE-2020-37137 | PHPFusion security vulnerability | PHP Fusion | 6.1 | Medium | 2026-02-05 |
| CVE-2026-1470 | n8n security vulnerability | | 9.9 | Critical | 2026-01-27 |
| CVE-2026-24474 | Dioxus Components security vulnerability | components | 7.5 | - | 2026-01-23 |
| CVE-2026-0769 | Langflow security vulnerability | Langflow | 9.8 | - | 2026-01-23 |
| CVE-2026-23885 | AlchemyCMS security vulnerability | alchemy_cms | 6.4 | Medium | 2026-01-19 |
| CVE-2026-0863 | n8n security vulnerability | | 8.5 | High | 2026-01-18 |
| CVE-2025-68271 | OpenC3 COSMOS security vulnerability | cosmos | 10.0 | Critical | 2026-01-13 |
| CVE-2025-54322 | Xspeeder SXZOS security vulnerability | SXZOS | 10.0 | Critical | 2025-12-27 |
| CVE-2025-66474 | XWiki Rendering security vulnerability | xwiki-rendering | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-12140 | Simple SA Wirtualna Uczelnia security vulnerability | Wirtualna Uczelnia | 9.8 | - | 2025-11-27 |
| CVE-2025-64496 | Open WebUI security vulnerability | open-webui | 7.3 | High | 2025-11-08 |
| CVE-2025-61955 | F5 F5OS-A and F5 F5OS-C security vulnerability | F5OS - Appliance | 7.8 | High | 2025-10-15 |
| CVE-2011-10033 | WordPress plugin is-human security vulnerability | is-human WordPress Plugin | 9.8 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2025-48868 | Horilla security vulnerability | horilla | 7.2 | High | 2025-09-24 |
| CVE-2025-55728 | xwiki-pro-macros security vulnerability | xwiki-pro-macros | 10.0 | Critical | 2025-09-09 |

CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code, 'Eval Injection') is a common weakness category; this platform has catalogued 106 CVE vulnerabilities associated with it.