CVE-2020-7062
Null Pointer Dereference in PHP Session Upload Progress
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
We have discovered 597,107 live websites that are affected by CVE-2020-7062.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 597,107 live websites (4.94% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7062 and the relative popularity of websitesDetails
- Published - Feb 17, 2020
- Updated - Jul 23, 2021
Credits
- Reported by [email protected]
CWE
CVE References
CWE References
Countries
 United States | 116,767 websites |
 France | 243,435 websites |
 Russia | 65,483 websites |
 China | 19,774 websites |
 Poland | 12,637 websites |
 Germany | 12,579 websites |
 Italy | 11,587 websites |
 Belgium | 11,540 websites |
 Spain | 9,542 websites |
 GB | 9,259 websites |
TLDs
| .com | 243,650 websites |
| .fr | 108,916 websites |
| .ru | 63,371 websites |
| .org | 23,678 websites |
| .net | 15,905 websites |
| .be | 12,936 websites |
| .pl | 9,936 websites |
| .it | 8,714 websites |
| .de | 7,647 websites |
| .nl | 6,669 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7062 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=79221
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
- https://security.gentoo.org/glsa/202003-57
- https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html
- https://usn.ubuntu.com/4330-1/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2020-7062
Top websites that are affected by CVE-2020-7062. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.cz |  Czech Republic | *,*** | |
| *.cn | China | *,*** | |
| ***.*.cn | China | *,*** | |
| *****.***.cn | China | *,*** | |
| ***.*****.***.cn | China | *,*** | |
| *****.cn | China | *,*** | |
| ***.*****.cn | China | *,*** | |
| ***.*********.com | China | *,*** | |
| *.***.cn | China | *,*** | |
| ***.*.***.cn | China | *,*** |