PHP 5.4.x was notorious for vulnerabilities in its unserialize() function. Attackers use these to achieve PHP Object Injection .
php_quot_print_encode (used by quoted_printable_encode ). php 5416 exploit github
The most significant exploit tied specifically to the 5.4.16 release boundary is CVE-2013-2110 . Heap-based Buffer Overflow. php 5416 exploit github