An issue found in Zend Framework v.3.1.3 and before allow a remote malicious user to execute arbitrary code via the unserialize function.
zend zend framework