PHPIDS versions 0.6.2 and below call unserialize() on user input. This allows an attacker to send a carefully crafted cookie that, when unserialized, can make use of existing classes, which can lead, for example, to the upload of arbitrary files or the execution of arbitrary PHP code in Zend Framework applications.
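The bug class described above, shown as an added example that is not PHPIDS code or part of the advisory: an unsafe cookie `unserialize()` next to two hardened alternatives. The class, function names, key and cookie value are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not PHPIDS code; every name below is hypothetical.

// Stand-in for any loaded class whose magic method runs without being called.
class DemoCache
{
    public static $events = [];
    public $path = '';

    public function __destruct()
    {
        // A real class might write to or delete $this->path at this point.
        self::$events[] = "destructor ran, path={$this->path}";
    }
}

// Unsafe pattern: the cookie decides which classes get instantiated.
function loadStateUnsafe(string $cookie)
{
    return unserialize($cookie);
}

// Safer: objects come back as __PHP_Incomplete_Class (PHP 7.0+).
function loadStateNoObjects(string $cookie)
{
    return unserialize($cookie, ['allowed_classes' => false]);
}

// Preferred: data-only JSON, authenticated with an HMAC before it is parsed.
function loadStateSigned(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    $json = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($json === false || !hash_equals(hash_hmac('sha256', $json, $key), $parts[1])) {
        return null;
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample cookie value: a serialized DemoCache object.
$cookie = 'O:9:"DemoCache":1:{s:4:"path";s:8:"/tmp/x.y";}';
$key = 'constructed-demo-key';

loadStateUnsafe($cookie);                 // object is discarded, so its destructor runs
var_dump(DemoCache::$events);
loadStateNoObjects($cookie);              // no DemoCache instance is created
var_dump(count(DemoCache::$events));
var_dump(loadStateSigned($cookie, $key)); // not a signed value, so it is rejected
```

The `allowed_classes` option only blocks object instantiation; the signed JSON form also stops a client from altering the stored values at all.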
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83684/phpids-unserialize.txt
Source: https://packetstormsecurity.com/files/83684/PHPIDS-0.6.2-Unserialize-Execution.html

