CVE-2020-13756

CVE-2020-13756 PUBLISHED

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

EPSS 27.85% · 96.6th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | php-horde-css-parser | 1.0.7-1, 1.0.7-2, 1.0.8-1 |
| Ubuntu:Pro:18.04:LTS | php-horde-css-parser | 0, 1.0.11-1ubuntu1, 1.0.11-1 |

Timeline

  • Jun 3, 2020 PoC Published
  • Jun 3, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 12, 2022 VulnCheck KEV Exploitation
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • May 11, 2022 VulnCheck KEV Exploitation
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score