Unserialize is a PHP function that, while often classified as a security risk, is seldom defined. This article explains the vulnerability and contains a PHP Classes Crash Course that includes properties and ‘magic methods’. It uses examples to illustrate the basic concepts of Deserialization, PHP Object Injection and Class Autoloading in PHP.