CVE-2020-6164
Description
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SilverStripe up to 4.5.0 exposes a default URL path that reveals the CMS presence without version info and blocks resource creation on that path.
In SilverStripe through version 4.5.0, a default URL path provided by the silverstripe/framework module discloses that the domain hosts a SilverStripe application. The disclosure does not include the specific version number, and the path is preconfigured by default. The path is intended for CLI context, and its web accessibility is not known to enable further exploitation beyond reconnaissance. Additionally, the same path prevents creation of other web resources (e.g., pages) due to route conflicts.
The attack surface is limited: an attacker can only infer the presence of SilverStripe, which aids targeted attacks but does not directly lead to compromise. No authentication or special privileges are required to access the path. The side-effect of blocking resource creation may cause disruption if administrators attempt to create a page with that URL. [1]
The impact is low, as the vulnerability primarily enables information gathering. No known exploitation of the CLI functionality via web has been reported. The SilverStripe team addressed the issue by removing or deprecating the affected controllers (SapphireInfo and SapphireREPL) in commits to the framework repository. [2][3] Users are advised to update to SilverStripe 4.5.1 or later, which includes these changes.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
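Detection logic for a defender reviewing web-server logs, added here as an example that is not part of this CVE record or of SilverStripe's own code: it flags requests whose first URL segment is one of the four default routes the fix commits drop from _config/routes.yml, and separately reports probes that still received a 200, which indicates a site where those routes are still live. The log lines and IP addresses are constructed; case-insensitive comparison of the segment is an assumption.

```python
import re
from collections import Counter

# Default routes the CVE-2020-6164 fix commits drop from _config/routes.yml.
RECON_ROUTES = ("interactive", "InstallerTest", "SapphireInfo", "SapphireREPL")

# Apache/nginx combined log format (sample lines below are constructed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def first_segment(path: str) -> str:
    """First URL segment, i.e. what Director's routing rules are matched against."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    segs = [s for s in path.split("/") if s]
    return segs[0] if segs else ""

def classify(line: str):
    """(ip, route, status) when the request targets a disclosed route, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    seg = first_segment(m.group("path"))
    # Assumption: compare case-insensitively so lower-cased probes are not missed.
    for route in RECON_ROUTES:
        if seg.lower() == route.lower():
            return m.group("ip"), route, int(m.group("status"))
    return None

def recon_hits(lines):
    """Count probes per (ip, route); a 200 means the route is still live (unpatched)."""
    counts, still_live = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit:
            ip, route, status = hit
            counts[(ip, route)] += 1
            if status == 200:
                still_live.append((ip, route))
    return counts, still_live

# Constructed sample traffic: two probes that were answered, one that hit a 404.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2020:10:00:01 +0000] "GET /SapphireInfo/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/May/2020:10:00:02 +0000] "GET /sapphirerepl?x=1 HTTP/1.1" 200 97',
    '198.51.100.4 - - [10/May/2020:10:01:00 +0000] "GET /about-us/ HTTP/1.1" 200 8192',
    '198.51.100.4 - - [10/May/2020:10:01:05 +0000] "GET /InstallerTest/check HTTP/1.1" 404 230',
]
```

Any (ip, route) pair in the second return value is a route that answered on a site that should have had it removed; a 404 there is the expected post-upgrade behaviour.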
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| silverstripe/cms (Packagist) | <= 4.5.0 | — |
| silverstripe/framework (Packagist) | >= 4.0.0, < 4.4.7 | 4.4.7 |
| silverstripe/framework (Packagist) | >= 4.5.0, < 4.5.4 | 4.5.4 |
Affected products
- SilverStripe/framework (source: description)
- osv-coords: 3 versions: < 3.0.0, + 2 more
- (no CPE) range: < 3.0.0
- (no CPE) range: <= 4.5.0
- (no CPE) range: >= 4.0.0, < 4.4.7
Patches
cce2b1630937 [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project.
5 files changed · +10 −116
_config/routes.yml+0 −4 modified@@ -14,10 +14,6 @@ SilverStripe\Control\Director: 'Security//$Action/$ID/$OtherID': SilverStripe\Security\Security 'CMSSecurity//$Action/$ID/$OtherID': SilverStripe\Security\CMSSecurity 'dev': SilverStripe\Dev\DevelopmentAdmin - 'interactive': SilverStripe\Dev\SapphireREPL - 'InstallerTest//$Action/$ID/$OtherID': SilverStripe\Dev\InstallerTest - 'SapphireInfo//$Action/$ID/$OtherID': SilverStripe\Dev\SapphireInfo - 'SapphireREPL//$Action/$ID/$OtherID': SilverStripe\Dev\SapphireREPL --- Name: security-limited After:
src/Dev/InstallerTest.php+1 −0 modified@@ -6,6 +6,7 @@ /** * Simple controller that the installer uses to test that URL rewriting is working. + * @deprecated 4.4.7 This class will be removed in Silverstripe Framework 5. */ class InstallerTest extends Controller {
src/Dev/SapphireInfo.php+1 −0 modified@@ -9,6 +9,7 @@ /** * Returns information about the current site instance. + * @deprecated 4.4.7 This class will be removed in Silverstripe Framework 5. */ class SapphireInfo extends Controller {
src/Dev/SapphireREPL.php+0 −110 removed@@ -1,110 +0,0 @@ -<?php - -namespace SilverStripe\Dev; - -use SilverStripe\Control\Controller; -use SilverStripe\Control\Director; -use Exception; - -/* Don't actually define these, since it'd clutter up the namespace. -define('1',E_ERROR); -define('2',E_WARNING); -define('4',E_PARSE); -define('8',E_NOTICE); -define('16',E_CORE_ERROR); -define('32',E_CORE_WARNING); -define('64',E_COMPILE_ERROR); -define('128',E_COMPILE_WARNING); -define('256',E_USER_ERROR); -define('512',E_USER_WARNING); -define('1024',E_USER_NOTICE); -define('2048',E_STRICT); -define('4096',E_RECOVERABLE_ERROR); -define('8192',E_DEPRECATED); -define('16384',E_USER_DEPRECATED); -define('30719',E_ALL); -*/ -/** - */ -class SapphireREPL extends Controller -{ - - private static $allowed_actions = array( - 'index' - ); - - public function error_handler($errno, $errstr, $errfile, $errline, $errctx) - { - // Ignore unless important error - if (($errno & ~( 2048 | 8192 | 16384 )) == 0) { - return ; - } - // Otherwise throw exception to handle in REPL loop - throw new Exception(sprintf("%s:%d\r\n%s", $errfile, $errline, $errstr)); - } - - public function index() - { - if (!Director::is_cli()) { - return "The SilverStripe Interactive Command-line doesn't work in a web browser." - . " Use 'sake interactive' from the command-line to run."; - } - - - /* Try using PHP_Shell if it exists */ - @include 'php-shell-cmd.php' ; - - /* Fall back to our simpler interface */ - if (empty($__shell)) { - set_error_handler(array($this, 'error_handler')); - - echo "SilverStripe Interactive Command-line (REPL interface). Type help for hints.\n\n"; - while (true) { - echo CLI::text("?> ", "cyan"); - echo CLI::start_colour("yellow"); - $command = trim(fgets(STDIN, 4096)); - echo CLI::end_colour(); - - if ($command == 'help' || $command == '?') { - print "help or ? to exit\n" ; - print "quit or \q to exit\n" ; - print "install PHP_Shell for a more advanced interface with" - . 
" auto-completion and readline support\n\n" ; - continue ; - } - - if ($command == 'quit' || $command == '\q') { - break ; - } - - // Simple command processing - if (substr($command, -1) == ';') { - $command = substr($command, 0, -1); - } - $is_print = preg_match('/^\s*print/i', $command); - $is_return = preg_match('/^\s*return/i', $command); - if (!$is_print && !$is_return) { - $command = "return ($command)"; - } - $command .= ";"; - - try { - $result = eval($command); - if (!$is_print) { - print_r($result); - } - echo "\n"; - } catch (Exception $__repl_exception) { - echo CLI::start_colour("red"); - printf( - '%s (code: %d) got thrown' . PHP_EOL, - get_class($__repl_exception), - $__repl_exception->getCode() - ); - print $__repl_exception; - echo "\n"; - } - } - } - } -}
.upgrade.yml+8 −2 modified@@ -205,8 +205,6 @@ mappings: FunctionalTest: SilverStripe\Dev\FunctionalTest InstallerTest: SilverStripe\Dev\InstallerTest MigrationTask: SilverStripe\Dev\MigrationTask - SapphireInfo: SilverStripe\Dev\SapphireInfo - SapphireREPL: SilverStripe\Dev\SapphireREPL SapphireTest: SilverStripe\Dev\SapphireTest TaskRunner: SilverStripe\Dev\TaskRunner TestMailer: SilverStripe\Dev\TestMailer @@ -1016,6 +1014,14 @@ warnings: message: 'Use SilverStripe\CMS\BatchActions\CMSBatchAction_Archive instead' 'EncryptAllPasswordsTask': message: 'Removed' + 'SapphireInfo': + message: 'Removed' + 'SilverStripe\Dev\SapphireREPL': + message: 'Removed' + 'SilverStripe\Dev\SapphireInfo': + message: 'Deprecated' + 'SilverStripe\Dev\InstallerTest': + message: 'Deprecated' methods: 'SilverStripe\Security\Authenticator::register()': message: 'Custom authenticators work differently now'
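Review bot: in the _config/routes.yml hunk the `InstallerTest//$Action/$ID/$OtherID` route is dropped while src/Dev/InstallerTest.php only gains an @deprecated tag. The class docblock says the installer uses this controller to test that URL rewriting works, so after this change that check will fall through to the default/404 handling unless the installer no longer requests the path; confirm the installer side was updated, or keep the route until the class is actually removed in Framework 5.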
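Review bot: the @deprecated docblocks added in src/Dev/InstallerTest.php and src/Dev/SapphireInfo.php are documentation only; nothing in these hunks emits a runtime deprecation notice when the controllers are still instantiated, so a project that re-adds a `SapphireInfo` rule in its own routes.yml would keep disclosing the framework with no warning. Consider raising a deprecation notice in the constructor or in the action handlers in addition to the tag.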
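Review bot: deleting src/Dev/SapphireREPL.php outright is the right call: the removed `index()` guarded only on `Director::is_cli()` before passing the typed line to `eval()`, and the non-CLI branch still returned a framework-identifying string ("The SilverStripe Interactive Command-line doesn't work in a web browser...") to web clients. That string also pointed users at `sake interactive`, and the `interactive` route is removed in the same commit, so any documentation that still mentions `sake interactive` needs the same treatment.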
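Review bot: the new `warnings` entries in .upgrade.yml are inconsistent with the rest of the diff: the unqualified key 'SapphireInfo' gets message 'Removed' while 'SilverStripe\Dev\SapphireInfo' gets 'Deprecated' (and the class is in fact only deprecated here), and the unqualified 'SapphireREPL', which the first hunk just dropped from `mappings`, has no warning entry at all. Suggest `'SapphireInfo': message: 'Deprecated'` and adding `'SapphireREPL': message: 'Removed'`.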
91d30db88f68 [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project.
5 files changed · +10 −116
_config/routes.yml+0 −4 modified@@ -14,10 +14,6 @@ SilverStripe\Control\Director: 'Security//$Action/$ID/$OtherID': SilverStripe\Security\Security 'CMSSecurity//$Action/$ID/$OtherID': SilverStripe\Security\CMSSecurity 'dev': SilverStripe\Dev\DevelopmentAdmin - 'interactive': SilverStripe\Dev\SapphireREPL - 'InstallerTest//$Action/$ID/$OtherID': SilverStripe\Dev\InstallerTest - 'SapphireInfo//$Action/$ID/$OtherID': SilverStripe\Dev\SapphireInfo - 'SapphireREPL//$Action/$ID/$OtherID': SilverStripe\Dev\SapphireREPL --- Name: security-limited After:
src/Dev/InstallerTest.php+1 −0 modified@@ -6,6 +6,7 @@ /** * Simple controller that the installer uses to test that URL rewriting is working. + * @deprecated 4.4.7 This class will be removed in Silverstripe Framework 5. */ class InstallerTest extends Controller {
src/Dev/SapphireInfo.php+1 −0 modified@@ -9,6 +9,7 @@ /** * Returns information about the current site instance. + * @deprecated 4.4.7 This class will be removed in Silverstripe Framework 5. */ class SapphireInfo extends Controller {
src/Dev/SapphireREPL.php+0 −110 removed@@ -1,110 +0,0 @@ -<?php - -namespace SilverStripe\Dev; - -use SilverStripe\Control\Controller; -use SilverStripe\Control\Director; -use Exception; - -/* Don't actually define these, since it'd clutter up the namespace. -define('1',E_ERROR); -define('2',E_WARNING); -define('4',E_PARSE); -define('8',E_NOTICE); -define('16',E_CORE_ERROR); -define('32',E_CORE_WARNING); -define('64',E_COMPILE_ERROR); -define('128',E_COMPILE_WARNING); -define('256',E_USER_ERROR); -define('512',E_USER_WARNING); -define('1024',E_USER_NOTICE); -define('2048',E_STRICT); -define('4096',E_RECOVERABLE_ERROR); -define('8192',E_DEPRECATED); -define('16384',E_USER_DEPRECATED); -define('30719',E_ALL); -*/ -/** - */ -class SapphireREPL extends Controller -{ - - private static $allowed_actions = array( - 'index' - ); - - public function error_handler($errno, $errstr, $errfile, $errline, $errctx) - { - // Ignore unless important error - if (($errno & ~( 2048 | 8192 | 16384 )) == 0) { - return ; - } - // Otherwise throw exception to handle in REPL loop - throw new Exception(sprintf("%s:%d\r\n%s", $errfile, $errline, $errstr)); - } - - public function index() - { - if (!Director::is_cli()) { - return "The SilverStripe Interactive Command-line doesn't work in a web browser." - . " Use 'sake interactive' from the command-line to run."; - } - - - /* Try using PHP_Shell if it exists */ - @include 'php-shell-cmd.php' ; - - /* Fall back to our simpler interface */ - if (empty($__shell)) { - set_error_handler(array($this, 'error_handler')); - - echo "SilverStripe Interactive Command-line (REPL interface). Type help for hints.\n\n"; - while (true) { - echo CLI::text("?> ", "cyan"); - echo CLI::start_colour("yellow"); - $command = trim(fgets(STDIN, 4096)); - echo CLI::end_colour(); - - if ($command == 'help' || $command == '?') { - print "help or ? to exit\n" ; - print "quit or \q to exit\n" ; - print "install PHP_Shell for a more advanced interface with" - . 
" auto-completion and readline support\n\n" ; - continue ; - } - - if ($command == 'quit' || $command == '\q') { - break ; - } - - // Simple command processing - if (substr($command, -1) == ';') { - $command = substr($command, 0, -1); - } - $is_print = preg_match('/^\s*print/i', $command); - $is_return = preg_match('/^\s*return/i', $command); - if (!$is_print && !$is_return) { - $command = "return ($command)"; - } - $command .= ";"; - - try { - $result = eval($command); - if (!$is_print) { - print_r($result); - } - echo "\n"; - } catch (Exception $__repl_exception) { - echo CLI::start_colour("red"); - printf( - '%s (code: %d) got thrown' . PHP_EOL, - get_class($__repl_exception), - $__repl_exception->getCode() - ); - print $__repl_exception; - echo "\n"; - } - } - } - } -}
.upgrade.yml+8 −2 modified@@ -205,8 +205,6 @@ mappings: FunctionalTest: SilverStripe\Dev\FunctionalTest InstallerTest: SilverStripe\Dev\InstallerTest MigrationTask: SilverStripe\Dev\MigrationTask - SapphireInfo: SilverStripe\Dev\SapphireInfo - SapphireREPL: SilverStripe\Dev\SapphireREPL SapphireTest: SilverStripe\Dev\SapphireTest TaskRunner: SilverStripe\Dev\TaskRunner TestMailer: SilverStripe\Dev\TestMailer @@ -1018,6 +1016,14 @@ warnings: message: 'Use SilverStripe\CMS\BatchActions\CMSBatchAction_Archive instead' 'EncryptAllPasswordsTask': message: 'Removed' + 'SapphireInfo': + message: 'Removed' + 'SilverStripe\Dev\SapphireREPL': + message: 'Removed' + 'SilverStripe\Dev\SapphireInfo': + message: 'Deprecated' + 'SilverStripe\Dev\InstallerTest': + message: 'Deprecated' methods: 'SilverStripe\Security\Authenticator::register()': message: 'Custom authenticators work differently now'
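Review bot: the same .upgrade.yml inconsistency is present in this commit: the unqualified 'SapphireInfo' warning says 'Removed' while 'SilverStripe\Dev\SapphireInfo' says 'Deprecated', and there is no unqualified 'SapphireREPL' entry even though the mappings hunk removes it. As rendered, this commit is otherwise identical to cce2b1630937 apart from the .upgrade.yml hunk offset (`@@ -1018,6 +1016,14 @@` here versus `@@ -1016,6 +1014,14 @@` there), so the review points raised on that commit's routes.yml, deprecation-docblock and SapphireREPL.php hunks apply unchanged to this branch.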
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-gm5x-hpmw-xpxg (source: GHSA; advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-6164 (source: GHSA; advisory)
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml (source: GHSA; web)
- github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c (source: GHSA; web)
- github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b (source: GHSA; web)
- www.silverstripe.org/download/security-releases/CVE-2020-6164 (source: GHSA, x_refsource_CONFIRM; web)
News mentions
No linked articles in our index yet.