This extension adds an active scan check to find PHP object injection vulnerabilities.

It passes a serialized PDO object in each insertion point. If PHP tries to unserialize this object a fatal exception is thrown triggered in the object's __wakeup() method (ext/pdo/pdo_dbh.c).