Lucene search
Veracode Vulnerability DatabaseVERACODE:25604HistoryJun 04, 2020 - 5:19 a.m.
Remote Code Execution
2020-06-0405:19:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.015 Low
EPSS
Percentile
87.1%
sabberworm/php-css-parser is vulnerable to remote code execution. Untrusted user input is passed into eval when the functions allSelectors() or getSelectorsBySpecificity() are called which will lead to arbitrary code execution.
References
packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
seclists.org/fulldisclosure/2020/Jun/7
github.com/sabberworm/PHP-CSS-Parser/commit/114212ad3556b83a5659b295244906eef62b855c
github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
github.com/sabberworm/PHP-CSS-Parser/commit/7f81cfd7c81a6f6f5ec46571b587a206141a58bb
github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1
Related
friendsofphp
friendsofphp
Code injection vulnerability in allSelectors()
1970-01-01 00:00:00
Code injection vulnerability in allSelectors()
1970-01-01 00:00:00
zdt
zdt
Sabberworm PHP CSS Code Injection Vulnerability
2020-06-03 00:00:00
cve
cve
CVE-2020-13756
2020-06-03 14:15:12
attackerkb
attackerkb
CVE-2020-13756
2020-06-03 00:00:00
cvelist
cvelist
CVE-2020-13756
2020-06-03 13:46:56
prion
prion
Remote code execution
2020-06-03 14:15:00
github
github
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
2022-03-26 00:15:22
packetstorm
packetstorm
Sabberworm PHP CSS Code Injection
2020-06-03 00:00:00
threatpost
threatpost
TrickBot Takes Over, After Cops Kneecap Emotet
2021-03-11 21:47:23
osv
osv
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
2022-03-26 00:15:22
CVE-2020-13756
2020-06-03 14:15:12
nvd
nvd
CVE-2020-13756
2020-06-03 14:15:12
checkpoint_advisories
checkpoint_advisories