CVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Affected products
n/a · n/a
References
http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
http://seclists.org/fulldisclosure/2020/Jun/7
https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1
https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html