Full title: PHP yaml_parse_url Unsafe Deserialization Vulnerability
Category: remote exploits
Platform: php

The PHP unserialize() function is considered unsafe because of how it instantiates classes: when the serialized data is attacker-controlled, it can be tampered with, allowing the instantiation of arbitrary PHP classes and thus code execution via a destructor.

# 0day.today @ http://0day.today/
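
The behaviour described above, next to one mitigation, as an added example that is not part of the original advisory. The TempFile class, the sample payload and both function names are constructed for illustration, and the closing yaml.decode_php setting comes from the PECL yaml documentation rather than from this page.

```php
<?php
// Constructed demo class: the destructor stands in for any application class
// whose __destruct() has a side effect (file removal, query, command).
class TempFile
{
    public static $log = [];
    public $path = '/tmp/placeholder';

    public function __destruct()
    {
        // A real class might unlink($this->path); this one only records it.
        self::$log[] = 'destructor ran for ' . $this->path;
    }
}

// Constructed sample input: the property value comes from whoever produced
// the bytes, not from the application.
$path = '/data/important';
$untrusted = sprintf('O:8:"TempFile":1:{s:4:"path";s:%d:"%s";}', strlen($path), $path);

function decodeUnsafe(string $bytes): void
{
    $obj = unserialize($bytes); // instantiates TempFile from untrusted data
    unset($obj);                // last reference gone, __destruct() runs
}

function decodeHardened(string $bytes)
{
    // allowed_classes => false turns every object into __PHP_Incomplete_Class,
    // so no class code (wakeup, destructor) runs for it.
    return unserialize($bytes, ['allowed_classes' => false]);
}

decodeUnsafe($untrusted);
printf("unsafe decode: %d destructor call(s)\n", count(TempFile::$log));

$before = count(TempFile::$log);
$value = decodeHardened($untrusted);
printf("hardened decode returned: %s\n", get_class($value));
unset($value);
printf("hardened decode: %d new destructor call(s)\n", count(TempFile::$log) - $before);

// The PECL yaml functions reach the same sink: with yaml.decode_php enabled, a
// node tagged !php/object is unserialized. Keep it off when parsing untrusted YAML.
if (extension_loaded('yaml')) {
    ini_set('yaml.decode_php', '0');
}
```

The `allowed_classes` option requires PHP 7.0 or later; where objects are not needed at all, a data-only format such as JSON avoids the class-instantiation path entirely.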