lang:

PHP

regex:

unserialize\s?\(

description:

Do not use the unserialize() function with user-supplied input. Unserialization can result in code being loaded and executed due to object instantiation and autoloading. See https://www.owasp.org/index.php/PHP_Object_Injection

tags:

object injection cwe-94