Search
Find a vulnerability
Search criteria
1 vulnerability by sabberworm
CVE-2020-13756 (GCVE-0-2020-13756)
Vulnerability from cvelistv5 – Published: 2020-06-03 13:46 – Updated: 2025-11-03 17:30
VLAI
Summary
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/sabberworm/PHP-CSS-Parser/comm… | x_refsource_MISC |
| https://github.com/sabberworm/PHP-CSS-Parser/rele… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Jun/7 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157923/Sabbe… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:30:46.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T17:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4",
"refsource": "MISC",
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"name": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1",
"refsource": "MISC",
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"name": "http://seclists.org/fulldisclosure/2020/Jun/7",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"name": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13756",
"datePublished": "2020-06-03T13:46:56.000Z",
"dateReserved": "2020-06-01T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:30:46.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}