Diving into PHP unserialize vulnerabilities:
https://medium.com/swlh/exploiting-php-deserialization-56d71f03282a
https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09
https://medium.com/swlh/diving-into-unserialize-3586c1ec97e
https://medium.com/@vickieli/diving-into-unserialize-pop-chains-35bc1141b69a
https://medium.com/swlh/diving-into-unserialize-more-than-rce-d48d371db7da
https://medium.com/swlh/diving-into-unserialize-magic-methods-386d41c1b16a
https://blog.usejournal.com/diving-into-unserialize-phar-deserialization-98b1254380e9