SilverStripe CMS Running in Development Mode

medium Nessus Plugin ID 44940

Synopsis

The remote web server is hosting a PHP application that appears to be running in a development mode.

Description

The SilverStripe CMS install hosted on the remote web server appears to be running in development mode.

When running in development mode, debugging tools are accessible without authentication, which could enable an attacker to gain sensitive information relating to the application.

Solution

If this is a production system, consider putting SilverStripe in live mode by adding the following line to the 'mysite/_config.php' file :
Director::set_environment_type("live");

See Also

http://doc.silverstripe.org/doku.php?id=debugging

Plugin Details

Severity: Medium

ID: 44940

File Name: silverstripe_dev_mode.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 3/1/2010

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:silverstripe:silverstripe

Required KB Items: www/PHP, www/silverstripe

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true