Presto Changeo testsitecreator up to 1.1.1 exists to contain a deserialization vulnerability via the component delete_excluded_folder.php.
presto-changeo test site creator