Diving into unserialize(): More than RCE
Achieving authentication bypass and SQL injection using PHP’s unserialize()
Sep 28, 2019 · 4 min read
Last time, we talked about how PHP’s unserialize leads to vulnerabilities, and how an attacker can utilize it to achieve RCE.


