The Hacker News reported Zero Day exploits found in PHP7.
The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies.[1]
unserialize is a dangerous function. It has been proven over and over in the last years, yet it is still used in the wild. [2]
Resources: