melisplatform/melis-front is vulnerable to deserialization of untrusted data. The vulnerability exists in multiple functions because of adding allowed_classes=false param to the unserialize function which allows an attacker to execute of arbitrary PHP code on the system.