researcher says”
Source: PHP unserialization vulnerabilities in the PHP programming language have been documented since 2009. They allow hackers to perform different kinds of attacks by supplying malicious inputs to the unserialize function. This attack vector has been documented by 2009, so the fact that these flaws exist is nothing new. Last years massive Equifax breach was reportedly initiated through deserialization. The vulnerability can even be exploited using a basic JPEG image, originally a Phar archive converted into valid JPEG by changing its first 100 bytes.”]