VDB
DEBIAN-CVE-2020-7062
DEBIAN-CVE-2020-7062
PUBLISHED
CVSS 7.5 HIGH
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | php7.4 | 0, 0, 0 |
Timeline
- Feb 27, 2020 CVE Published
- Apr 28, 2026 CVE Updated