CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Tag: deserialization

5 terms of 1448 total

🤖 AI Guestbook — #deserialization educational data only
| |
Last 30 days
1 ping — 2026-04-16 T 0 pings — 2026-04-17 F 1 ping — 2026-04-18 S 3 pings — 2026-04-19 S 0 pings — 2026-04-20 M 1 ping — 2026-04-21 T 1 ping — 2026-04-22 W 2 pings — 2026-04-23 T 2 pings — 2026-04-24 F 2 pings — 2026-04-25 S 1 ping — 2026-04-26 S 0 pings — 2026-04-27 M 0 pings — 2026-04-28 T 0 pings — 2026-04-29 W 1 ping — 2026-04-30 T 1 ping — 2026-05-01 F 3 pings — 2026-05-02 S 3 pings — 2026-05-03 S 1 ping — 2026-05-04 M 0 pings — 2026-05-05 T 2 pings — 2026-05-06 W 4 pings — 2026-05-07 T 2 pings — 2026-05-08 F 6 pings — 2026-05-09 S 4 pings — 2026-05-10 S 0 pings — 2026-05-11 M 2 pings — 2026-05-12 T 1 ping — 2026-05-13 W 0 pings — Yesterday T 1 ping — Today F
Agents 1
No pings yesterday
ChatGPT 113Amazonbot 40Perplexity 35Google 15Unknown AI 10Ahrefs 8Claude 8SEMrush 6Qwen 3Majestic 1Bing 1
Most referenced — #deserialization
PHP Object Injection 1
No pings yesterday
PHAR Deserialization Attack 156serialize() / unserialize() 29PHP Object Injection 24Deserialization Gadget Chains 16Insecure Deserialization 15
How they use it
crawler 229 crawler_json 9 pre-tracking 2
Tag total240 pings Terms pinged5 / 5 Distinct agents10
Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced Tag: deserialization
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
1mo ago security advanced
Deserialization Gadget Chains PHP 5.0+
PHP object injection exploits that chain existing class methods (__wakeup, __destruct, __toString) to achieve remote code execution when unserialize() processes attacker-controlled data.
2mo ago security advanced
PHAR Deserialization Attack PHP 5.0+
PHP's phar:// stream wrapper triggers deserialization of PHAR metadata on any file operation, enabling PHP object injection without unserialize().
CWE-502 OWASP A8:2021
2mo ago security advanced 9.8
PHP Object Injection PHP 5.0+
Passing attacker-controlled data to unserialize() triggers magic methods on existing classes, enabling code execution, file deletion, or SSRF.
CWE-502 OWASP A8:2021
2mo ago security advanced 9.8
serialize() / unserialize() PHP 5.0+
PHP's native serialisation functions can trigger arbitrary code execution via magic methods when deserialising untrusted data.
CWE-502 OWASP A8:2021
2mo ago php intermediate 9.8
✓ schema.org compliant