5.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-vp8p-c6xj-xpj7

GHSA-vp8p-c6xj-xpj7: Silverstripe External redirection risk in Security?ReturnURL

A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site.

For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page http://attacker-site.com. If that website were set up to look identical to the first with "login failed" then the user will likely just enter their user/pass again.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-vp8p-c6xj-xpj7

GHSA-vp8p-c6xj-xpj7:

5.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
silverstripe/framework	composer	<= 3.0.13	3.0.14
silverstripe/framework	composer	>= 3.1.0, <= 3.1.13-rc1	3.1.13

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper handling of the BackURL parameter in authentication flows. The pre-patch code in both MemberLoginForm and ChangePasswordForm directly used user-supplied BackURL values after basic domain validation (Director::is_site_url), but failed to properly normalize URLs. This allowed attackers to craft URLs like /\attacker.com that would pass domain checks but resolve to external sites when processed. The commit fixes show the addition of Director::absoluteURL() calls to normalize URLs, indicating the original functions lacked proper URL canonicalization. The vulnerability matches CWE-601 (Open Redirect) through improper validation of redirect targets in authentication context.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.8

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-vp8p-c6xj-xpj7: Silverstripe External redirection risk in Security?ReturnURL

GHSA-vp8p-c6xj-xpj7:

5.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

5.8

5.8

GHSA-vp8p-c6xj-xpj7: Silverstripe External redirection risk in Security?ReturnURL

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI