CVE-2020-13756 - Vulnerability Details - OpenCVE

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.26554.

Key SSVC decision points have not yet been added.

Vendors	Products
Sabberworm Subscribe	Php Css Parser Subscribe

Configuration 1 [-]

cpe:2.3:a:sabberworm:php_css_parser:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4333-1	php-horde-css-parser security update
Github GHSA	GHSA-phrq-v4q2-hmq6	Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ubuntu USN	USN-7502-1	Horde Css Parser vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
http://seclists.org/fulldisclosure/2020/Jun/7
https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1
https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html

History

Mon, 03 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.24815}`	epss `{'score': 0.25296}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-03T13:46:56.000Z

Updated: 2025-11-03T17:30:46.974Z

Reserved: 2020-06-01T00:00:00.000Z

Link: CVE-2020-13756

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-03T14:15:12.703

Modified: 2025-11-03T18:15:37.037

Link: CVE-2020-13756

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-03T17:06:21.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2020/Jun/7"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13756", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4", "refsource": "MISC", "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"}, {"name": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1", "refsource": "MISC", "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"}, {"name": "http://seclists.org/fulldisclosure/2020/Jun/7", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Jun/7"}, {"name": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"}]}}}, "adp": [{"title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Jun/7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:30:46.974Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13756", "datePublished": "2020-06-03T13:46:56.000Z", "dateReserved": "2020-06-01T00:00:00.000Z", "dateUpdated": "2025-11-03T17:30:46.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sabberworm:php_css_parser:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C26C280-0826-4A73-A258-642A7A64EEA8", "versionEndExcluding": "8.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."}, {"lang": "es", "value": "Sabberworm PHP CSS Parser versiones anteriores a 8.3.1, llamadas eval en datos no controlados, posiblemente conllevan a una ejecuci\u00f3n de c\u00f3digo remota si son llamadas las funciones allSelectors() o getSelectorsBySpecificity() con una entrada de un atacante."}], "id": "CVE-2020-13756", "lastModified": "2025-11-03T18:15:37.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-03T14:15:12.703", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jun/7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jun/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}