Name of the Vulnerable Software and Affected Versions: Form Framework (system extension "form") (affected versions not specified)

Description: The issue concerns Insecure Deserialization in the Form Framework when used with the PHP PECL package "yaml". This package can unserialize YAML contents to PHP objects. To exploit this, a valid backend user account is required, along with the PHP setting yaml.decode php enabled, which is the default according to PHP documentation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.