Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by sabberworm

CVE-2020-13756 (GCVE-0-2020-13756)

Vulnerability from cvelistv5 – Published: 2020-06-03 13:46 – Updated: 2025-11-03 17:30

Summary

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/sabberworm/PHP-CSS-Parser/comm…	x_refsource_MISC
	https://github.com/sabberworm/PHP-CSS-Parser/rele…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Jun/7	x_refsource_MISC
	http://packetstormsecurity.com/files/157923/Sabbe…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:30:46.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jun/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:06:21.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jun/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13756",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4",
              "refsource": "MISC",
              "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
            },
            {
              "name": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1",
              "refsource": "MISC",
              "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2020/Jun/7",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jun/7"
            },
            {
              "name": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13756",
    "datePublished": "2020-06-03T13:46:56.000Z",
    "dateReserved": "2020-06-01T00:00:00.000Z",
    "dateUpdated": "2025-11-03T17:30:46.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by sabberworm

CVE-2020-13756 (GCVE-0-2020-13756)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.