What is CVE-2020-13756?

CVE-2020-13756 is a vulnerability in N/a. Published 2020-06-03.

Is CVE-2020-13756 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

EPSS: 0.574 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

KrE80r/CVE-2020-13756-env
ARPSyndicate/cve-scores
w4zu/Debian_

References

github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062… (x_refsource_MISC)
github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1 (x_refsource_MISC)
seclists.org/fulldisclosure/2020/Jun/7 (x_refsource_MISC)
packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13756?: CVE-2020-13756 is a vulnerability in N/a. Published 2020-06-03.
Is CVE-2020-13756 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.