Zend Engine V3.4.0 Exploit
A PoC exploit for this vulnerability has been publicly disclosed. The exploit involves creating a specially crafted PHP script that:
Untrusted data passed to unserialize() can be manipulated to trigger "gadget chains"—sequences of existing code within the application that, when executed during object destruction, perform malicious actions like writing a web shell.
: A high-profile RCE vulnerability affecting PHP-FPM configurations. While often categorized as a PHP-FPM bug, it impacts the way the Zend Engine processes certain env-vars.
CVE-2021-3007
The exploit code is relatively simple and consists of the following steps:
If you are looking for modern critical exploits associated with Zend-based systems, these are the most prominent: