silverstripe/framework is vulnerable to Improper Access Control. The vulnerability is due to a weakness in the .htaccess rules preventing requests to uploaded PHP scripts, which allows PHP scripts in the assets directory to be executed via a specially crafted URL.