All versions of phpjs are vulnerable to Prototype Pollution via parse_str.