Name of the Vulnerable Software and Affected Versions: SilverStripe (affected versions not specified)

Description: The issue allows bypassing normal authentication parameters by providing an empty token parameter to a SilverStripe site when a secure token parameter is given, such as isDev or flush. This can be exploited by adding an empty token parameter to the URL, for example, http://www.mysite.com/?isDev=1&isDevtoken to force a site into dev mode. Additionally, using flush in succession can cause excessive load on a victim site, risking denial of service.

Recommendations: To resolve the issue, ensure that empty tokens fail the validation check. At the moment, there is no information about a newer version that contains a fix for this vulnerability.