Open Redirect Affecting silverstripe/framework package, versions >=3.0.0, <3.0.14>=3.1.0, <3.1.13
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-SILVERSTRIPEFRAMEWORK-17400372
- published22 Jun 2026
- disclosed19 Jun 2026
- creditMatt Lang
Introduced: 19 Jun 2026
New CVE NOT AVAILABLE CWE-601 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade silverstripe/framework to version 3.0.14, 3.1.13 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Open Redirect via improper validation of the BackURL parameter in the login flow. An attacker can redirect users to an attacker-controlled website after a successful login by supplying a crafted BackURL value. This may facilitate phishing attacks by presenting victims with a page that mimics the legitimate site and prompts them to re-enter their credentials.