Lucene search
GoogleOSV:GHSA-PHRQ-V4Q2-HMQ6HistoryMar 26, 2022 - 12:15 a.m.
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
2022-03-2600:15:22
Google
osv.dev
15
0.015 Low
EPSS
Percentile
87.1%
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
References
packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
seclists.org/fulldisclosure/2020/Jun/7
github.com/FriendsOfPHP/security-advisories/blob/master/sabberworm/php-css-parser/CVE-2020-13756.yaml
github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1
nvd.nist.gov/vuln/detail/CVE-2020-13756
packetstormsecurity.com/files/cve/CVE-2020-13756
Related
veracode
veracode
Remote Code Execution
2020-06-04 05:19:37
friendsofphp
friendsofphp
Code injection vulnerability in allSelectors()
1970-01-01 00:00:00
Code injection vulnerability in allSelectors()
1970-01-01 00:00:00
zdt
zdt
Sabberworm PHP CSS Code Injection Vulnerability
2020-06-03 00:00:00
cve
cve
CVE-2020-13756
2020-06-03 14:15:12
attackerkb
attackerkb
CVE-2020-13756
2020-06-03 00:00:00
cvelist
cvelist
CVE-2020-13756
2020-06-03 13:46:56
prion
prion
Remote code execution
2020-06-03 14:15:00
github
github
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
2022-03-26 00:15:22
packetstorm
packetstorm
Sabberworm PHP CSS Code Injection
2020-06-03 00:00:00
threatpost
threatpost
TrickBot Takes Over, After Cops Kneecap Emotet
2021-03-11 21:47:23
osv
osv
CVE-2020-13756
2020-06-03 14:15:12
nvd
nvd
CVE-2020-13756
2020-06-03 14:15:12
checkpoint_advisories
checkpoint_advisories