Pickled Zend Quick note: I wrote this exploit back in 2021 because I was essentially in dispute with someone who claimed it wasn't a risk because there were no genuine exploits for it Zend Framework 3 deserialisation reverse shell based on CVE-2021-3007 and Ling-Yizhous PoC at githubcom/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E