TL;DR: Dangerous-sink hunting (eval, system, include, unserialize, preg_replace with /e) plus framework-specific patterns.
Stub — to be filled in.
What it is
TODO
Preconditions / where it applies
TODO
Technique
TODO
Detection and defence
TODO
References