News

Stormware's Pohoda XML/PHP serializer. This library provides a PHP-based solution for serializing and deserializing XML data for Stormware's Pohoda accounting software. It is designed to work with ...
I'm a total newbie with Ruby, but I thought I'd use it to try and reclaim the data from my ancient PHP-based photo site. That site used PHP serialization to store data in the filesystem like this: ...
WordPress CMS installations are vulnerable to a PHP bug related to data deserialization (also known as unserialization), a security researcher has revealed at the start of the month. The bug has been ...
The Ruby programming language is impacted by a similar "deserialization issue" that affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for ...
A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how it works and how it can lead to a full site takeover by remote attackers. The ...
PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las Vegas demonstrated that the attack surface for PHP ...