silverstripe/framework is vulnerable to Session Hijacking. The vulnerability is due to a malfunction in the security protection designed to detect changes in the User-Agent header, which allows an attacker to modify the header without invalidating the user session.