CVE-2020-7062
Null Pointer Dereference in PHP Session Upload ProgressIn PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
We have discovered 406,521 live websites that are affected by CVE-2020-7062.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 406,521 live websites (4.66% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 46 versions ( 8.41% of all versions) |
Common Weakness Enumeration
CWE-476 NULL Pointer DereferenceDetails
- Published - Feb 27, 2020
- Updated - Sep 16, 2024
Credits
- Reported by [email protected]
CWE
CVE References
CWE References
CVE-2020-7062 usage by Country
 United States | 149,681 websites |
 France | 176,963 websites |
 China | 11,526 websites |
 Germany | 8,971 websites |
 Russia | 8,618 websites |
 Japan | 4,195 websites |
 Poland | 3,975 websites |
 Netherlands | 3,491 websites |
 GB | 3,276 websites |
 Italy | 2,564 websites |
CVE-2020-7062 usage by TLD
| .com | 161,977 websites |
| .fr | 69,758 websites |
| .ru | 60,156 websites |
| .org | 14,935 websites |
| .net | 11,098 websites |
| .be | 8,265 websites |
| .pl | 7,269 websites |
| .de | 5,466 websites |
| .it | 5,232 websites |
| .eu | 3,715 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-7062
Top websites that are affected by CVE-2020-7062. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *.cn | China | *,*** | |
| *****.***.cn | China | *,*** | |
| *****.cn | China | *,*** | |
| *********.com | China | *,*** | |
| *******.com | United States | *,*** | |
| *****.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ***.***.edu | United States | *,*** | |
| ****.***.edu | United States | *,*** | |
| ***.****.gov | United States | *,*** |
FAQ
CVE-2020-7062 is NULL Pointer Dereference in PHP
A total of 406,521 websites have been identified as vulnerable to CVE-2020-7062, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2020-7062 vulnerability.
PHP versions before 7.4.3 are vulnerable to CVE-2020-7062.
Version 7.4.3 of PHP addresses the CVE-2020-7062 security vulnerability.
References
- https://bugs.php.net/bug.php?id=79221
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
- https://security.gentoo.org/glsa/202003-57
- https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html
- https://usn.ubuntu.com/4330-1/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.tenable.com/security/tns-2021-14