-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from two key functions in Member.php: 1) logIn() created persistent cookies without checking Security::config()->autologin_enabled, allowing cookie generation even after remember-me was disabled. 2) autoLogin() validated cookies without checking autologin_enabled, allowing legacy cookies to authenticate users. The patch adds autologin_enabled checks to both functions, confirming their role in the vulnerability. The direct correlation between the vulnerability description and the patched logic establishes high confidence.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | >= 3.1.19-rc1, < 3.1.20 | 3.1.20 |
| silverstripe/framework | composer | >= 3.2.4-rc1, < 3.2.5 | 3.2.5 |
| silverstripe/framework | composer | >= 3.3.2-rc1, < 3.3.3 | 3.3.3 |
| silverstripe/framework | composer | >= 3.4.0-rc1, < 3.4.1 | 3.4.1 |
A Semantic Attack on Google Gemini - Read the Latest Research