PT-2024-40090 · Silverstripe · Silverstripe

Published: 2024-05-27 · Updated: 2024-05-27

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.x
Description: The issue lets unauthorized users expose information that is normally hidden in production environments, such as verbose error output and debugging tools, by adding certain URL parameters to a request. This is possible because the isDev and isTest URL parameters are honoured for unauthenticated users. Core functionality does not expose user data, but community modules may have added functionality that could be used to access or alter user data.
Recommendations: For SilverStripe versions prior to 4.x, update to version 4.x, which fixes the handling of the isDev and isTest parameters. In the next major release of SilverStripe the isDev and isTest URL parameters have been removed, so updating to that release also resolves the issue.
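As an added defender-side example (not code from the advisory or from the Silverstripe project), the following Python scans web-server access-log lines for requests that carry the isDev or isTest query parameters named above, so a site operator can check whether these parameters were ever sent before the upgrade; the combined log format, client addresses and paths are constructed assumptions.

```python
"""Detection example for the Silverstripe isDev/isTest advisory.

Added example, not code from the advisory or the Silverstripe project.
Scans access-log lines (combined log format, constructed below) for
requests whose query string names isDev or isTest, the parameters the
advisory says can switch an unauthenticated request into dev/test mode.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Parameter names taken from the advisory text (PHP query keys are case-sensitive).
DEBUG_MODE_PARAMS = ("isDev", "isTest")

# Combined log format: client ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def flag_debug_mode_requests(log_lines):
    """Return (client, time, target, params) for every request whose query
    string contains isDev or isTest as a parameter name. The query is decoded
    with parse_qs, so URL-encoded or blank-valued parameters are still seen,
    while the same word appearing only as a value (e.g. q=isDev) is ignored."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        found = sorted(p for p in DEBUG_MODE_PARAMS if p in query)
        if found:
            hits.append((m["client"], m["time"], m["target"], found))
    return hits


# Constructed sample lines; addresses (RFC 5737 ranges) and paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/May/2024:10:00:01 +0000] "GET /about-us/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [27/May/2024:10:00:07 +0000] "GET /about-us/?isDev=1 HTTP/1.1" 200 9812',
    '198.51.100.9 - - [27/May/2024:10:00:09 +0000] "GET /contact/?isTest=1&page=2 HTTP/1.1" 200 1200',
    '198.51.100.9 - - [27/May/2024:10:00:12 +0000] "GET /search?q=isDev HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    for client, when, target, params in flag_debug_mode_requests(SAMPLE_LOG):
        print(f"{when} {client} {target} -> {','.join(params)}")
```

Run against the real access log with `flag_debug_mode_requests(open(path))`; any hit from a client that is not a known developer is worth correlating with what that session requested next.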

Weakness Enumeration: Information Disclosure

Related Identifiers: GHSA-55QG-6C4M-MW6G

Affected Products: Silverstripe