In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.

Missing warning can lead to unauthenticated admin access in SilverStripe