BIT-php-2020-7062

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2020-7062.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-php-2020-7062
Aliases
Published
2024-03-06T11:07:23.066Z
Modified
2025-05-20T10:02:07.006Z
Summary
Null Pointer Dereference in PHP Session Upload Progress
Details

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Database specific
{
    "cpes": [
        "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / php

Package

Name
php
Purl
pkg:bitnami/php

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.2.0
Fixed
7.2.28
Introduced
7.3.0
Fixed
7.3.15
Introduced
7.4.0
Fixed
7.4.3