CVE-2020-7062
Null Pointer Dereference in PHP Session Upload ProgressIn PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
We have discovered 597,107 live websites that are affected by CVE-2020-7062.
Contact us to get more info
Affected Software
| |
---|
Product | PHP |
Category | Programming Languages |
Vulnerable Versions | - from 7.2 before 7.2.28
- from 7.3 before 7.3.15
- from 7.4 before 7.4.3
|
Total Vulnerable Versions | 507 |
Vulnerable Domains | 597,107 live websites (4.94% of PHP install base) |
Common Weakness Enumeration
CWE-476 NULL Pointer Dereference
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7062 and the relative popularity of websites