PHP 7.2.34 was the final release of the 7.2 series, and while it was intended to be the most stable version of that branch, it is now End-of-Life (EOL) and contains several documented vulnerabilities. On GitHub, you will find various Proof of Concept (PoC) scripts targeting these flaws.
Weak Cryptography (CVE-2020-7069): This flaw affected the openssl_encrypt() function when using AES-CCM mode with a 12-byte Initialization Vector (IV). In these cases, PHP only utilized the first 7 bytes of the IV, significantly reducing the encryption strength and potentially compromising the integrity of encrypted data. php 7.2.34 exploit github
The Flaw: Attackers can use null bytes or specific filter strings to bypass filter_var() checks. The official PHP website and its security announcements