Drupal 7.x Services module unserialize() to RCE

While working on the Drupal module Services, the Ambionics Security team discovered a critical remote code execution vulnerability.