Description
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when file upload functionality is used with upload progress tracking enabled but session.upload_progress.cleanup set to 0 (disabled), and the file upload fails, the upload procedure tries to clean up data that does not exist and encounters a null pointer dereference, which would likely lead to a crash.
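The following audit check is an added example, not part of the original advisory or of PHP itself: it flags a host only when all the conditions in the description hold (affected version, upload progress tracking enabled, cleanup disabled). The function names and the sample php.ini text are constructed for illustration; the defaults assumed for an unset directive are PHP's own (both `session.upload_progress.enabled` and `session.upload_progress.cleanup` default to on).

```python
import re

# First fixed patch release per affected branch, taken from the description above.
FIXED = {(7, 2): 28, (7, 3): 15, (7, 4): 3}

# Constructed sample configuration (not from a real host).
SAMPLE_INI = """\
[Session]
session.upload_progress.enabled = On
session.upload_progress.cleanup = 0 ; kept for debugging
"""

def parse_ini(text):
    """Return {directive: value} from php.ini text; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line:                   # section headers, blank lines
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"\'')
    return settings

def ini_bool(settings, key, default):
    """Interpret a value as PHP does: on/yes/true, or a non-zero integer, is true."""
    value = settings.get(key)
    if value is None:
        return default
    if value.lower() in ("on", "yes", "true"):
        return True
    m = re.match(r"-?\d+", value)
    return bool(m) and int(m.group()) != 0

def version_affected(version):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised PHP version: %r" % version)
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return fixed is not None and patch < fixed

def exposed(version, ini_text):
    """True only when every condition named in the description is met."""
    s = parse_ini(ini_text)
    tracking = ini_bool(s, "session.upload_progress.enabled", True)
    cleanup = ini_bool(s, "session.upload_progress.cleanup", True)
    return version_affected(version) and tracking and not cleanup
```

The check reads only the text it is given, so per-directory overrides of these directives have to be passed in separately. Distribution packages that backport fixes can keep an older version string, so a positive result on such a host should be confirmed against the package changelog.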