-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/cms | composer | <= 3.1.13 | |
| silverstripe/framework | composer | <= 3.1.13 |
Miggo AIRoot Cause AnalysisThe vulnerability manifests in the dev/build endpoint handler (DevelopmentAdmin::build) which accepts a returnURL parameter. This parameter is passed directly to the redirection mechanism (Controller::redirect) without adequate validation. SilverStripe's redirect method typically validates URLs when using internal redirects, but in this case appears to accept absolute external URLs due to missing whitelist checks or improper sanitization of the returnURL parameter. The combination of these two functions creates an unvalidated redirect chain.