Vulnerability Details CVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.248
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
- http://seclists.org/fulldisclosure/2020/Jun/7
- https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
- https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1
- http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
- http://seclists.org/fulldisclosure/2020/Jun/7
- https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
- https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1
Products affected by CVE-2020-13756
-
cpe:2.3:a:sabberworm:php_css_parser:0.9.0
-
cpe:2.3:a:sabberworm:php_css_parser:1.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:1.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:2.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:2.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:3.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:3.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:4.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:4.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.2
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.3
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.4
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.5
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.6
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.7
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.8
-
cpe:2.3:a:sabberworm:php_css_parser:5.0.9
-
cpe:2.3:a:sabberworm:php_css_parser:5.1.0
-
cpe:2.3:a:sabberworm:php_css_parser:5.1.1
-
cpe:2.3:a:sabberworm:php_css_parser:5.1.2
-
cpe:2.3:a:sabberworm:php_css_parser:5.1.3
-
cpe:2.3:a:sabberworm:php_css_parser:5.2.0
-
cpe:2.3:a:sabberworm:php_css_parser:5.2.1
-
cpe:2.3:a:sabberworm:php_css_parser:6.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:6.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:6.0.2
-
cpe:2.3:a:sabberworm:php_css_parser:7.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:7.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:7.0.2
-
cpe:2.3:a:sabberworm:php_css_parser:7.0.3
-
cpe:2.3:a:sabberworm:php_css_parser:7.0.4
-
cpe:2.3:a:sabberworm:php_css_parser:8.0.0
-
cpe:2.3:a:sabberworm:php_css_parser:8.0.1
-
cpe:2.3:a:sabberworm:php_css_parser:8.1.0
-
cpe:2.3:a:sabberworm:php_css_parser:8.1.1
-
cpe:2.3:a:sabberworm:php_css_parser:8.2.0
-
cpe:2.3:a:sabberworm:php_css_parser:8.2.1
-
cpe:2.3:a:sabberworm:php_css_parser:8.3.0