What is Phar Deserialization

Summary The security researcher Sam Thomas from Secarma found a new exploitation technique that can lead to critical PHP object injection vulnerabilities – without using the PHP function unserialize(). The new technique was announced at the BlackHat USA conference in his talk It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It1. It can enable attackers to escalate the severity of file related vulnerabilities to remote code execution.