[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard