Wrong unserialize input

2019-11-29 11:48:21 +01:00 · 2019-11-29 11:48:21 +01:00 · 3060b81caa
--- a/README.md
+++ b/README.md
@ -318,10 +318,10 @@ Since I do not have access to the 8770 files and i can't test the upload code fo
 * Multiple calls to unserialize on untrusted data:

 	```
- 	unserialize(gzuncompress($MyG["themes"]));
+ 	unserialize(gzuncompress($_COOKIE["themes"]));
 	unserialize(gzuncompress($_COOKIE["station"]));
 	unserialize(gzuncompress($_COOKIE["cfilter"]));
- 	unserialize(gzuncompress($MyG["bookmarks"]));
+ 	unserialize(gzuncompress($_COOKIE["bookmarks"]));
 	```
 I did not find an exploitable chain but: all the PHP version shipped with this product have multiple unserialize CVE and I did not find a way but it is possible to play with the COM class.