PHP Other Vulnerability - CVE-2019-11044

In PHP versions 7.2.x below 7.2.26 7.3.x below 7.3.13 and 7.4.0 on Windows PHP link() function accepts filenames with embedded 0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities e.g. in applications checking paths that the code is allowed to access.