Share
## https://sploitus.com/exploit?id=794BBA6B-66B4-57B3-B293-E2F4C959730A
# CVE-2020-13756 Vulnerable Environment

Vulnerable test environment for **CVE-2020-13756** - Sabberworm PHP CSS Parser Remote Code Execution.

## Vulnerability Details

| Field | Value |
|-------|-------|
| CVE | CVE-2020-13756 |
| Product | Sabberworm PHP CSS Parser |
| Vulnerable Versions | getSelectorsBySpecificity('> ' . $_GET['n']);
// When n=100;printf("test"); the eval() executes: eval('> 100;printf("test");')
```

## References

- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-13756)
- [Fix Commit](https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4)
- [Full Disclosure](http://seclists.org/fulldisclosure/2020/Jun/7)
- [PacketStorm](http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html)

## Disclaimer

This environment is for **authorized security testing only**. Do not use against systems without permission.

## Author

KrE80r - Security Research