Name of the Vulnerable Software and Affected Versions: Form Framework (system extension form) (affected versions not specified)

Description: The issue concerns Insecure Deserialization in the Form Framework when used with the PHP PECL package yaml. This package can unserialize YAML contents to PHP objects. To exploit this, an attacker needs a valid backend user account and the PHP setting yaml.decode php must be enabled, which is the default setting according to PHP documentation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.