PHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.
0d7b754de6ea28230085a820164b59d8636ad39721aaac177baa5ce7b9713c5d
This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.
3c9df4f24a784d6c632f742ca3902c18462336b6f1ee4031041e932d800f8a5d