Continuing from the previous series of articles, in this post, I will apply the knowledge I have acquired and conduct further research on PHP deserialization in order to reproduce an intriguing bug: going from SQL injection to PHP deserialization and achieving Remote Code Execution (RCE) on Pandora FMS 742.

Continuing from the previous article series, in this post, I will apply the knowledge learned and research on PHP deserialize to reproduce CVE-2022-39298.