How severe is CVE-2020-7066?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-7066?

This is classified as CWE-170, which is a common weakness in software security.

CVE-2020-7066

MEDIUM Year: 2020

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-170

View all →

Vulnerability Description

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

CVE-2023-48674

MEDIUM

CVSS:4.9(Medium)

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause so...

CWE-1702023

CVE-2020-14323

MEDIUM

CVSS:5.5(Medium)

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing ...

CWE-1702020

CVE-2023-28263

MEDIUM

CVSS:5.5(Medium)

Visual Studio Information Disclosure Vulnerability

CWE-1702023

CVE-2021-1471

MEDIUM

CVSS:5.6(Medium)

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy...

CWE-1702021

CVE-2019-11045

MEDIUM

CVSS:5.9(Medium)

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to se...

CWE-1702019