
Cloud Vulnerability DB
A community-led vulnerabilities database
A security vulnerability was identified in SilverStripe framework affecting versions 3.0.13 and below, as well as versions 3.1.0 to 3.1.13-rc1. The vulnerability (SS-2015-014) was discovered and disclosed on May 28, 2015, impacting the validation of 'isDev', 'isTest', and 'flush' $_GET parameters in the SilverStripe framework (SilverStripe Advisory).
The vulnerability allows attackers to bypass normal authentication parameters by providing an empty token parameter along with secure token parameters. For example, accessing a URL like 'http://www.mysite.com/?isDev=1&isDevtoken' could force a site into dev mode without proper authentication. The issue stems from improper validation of empty token parameters in the framework's security checks (GitHub Advisory).
The vulnerability can be exploited to force a site into development mode without proper authentication. Additionally, the 'flush' parameter could be exploited in succession to cause excessive server load, potentially leading to denial of service conditions (SilverStripe Advisory).
The vulnerability has been fixed in versions 3.0.14 and 3.1.13 of the SilverStripe framework. The fix ensures that empty tokens fail the validation check, preventing unauthorized access to development features. Users should upgrade to these patched versions to protect their installations (SilverStripe Advisory).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."