PT-2025-22139 · Typo3 · Typo3

Christian Futterlieb · Published 2025-05-20 · Updated 2025-09-03 · CVE-2025-47937

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
TYPO3 versions 9.0.0 through 9.5.50 ELTS
TYPO3 versions 10.0.0 through 10.4.49 ELTS
TYPO3 versions 11.0.0 through 11.5.43 ELTS
TYPO3 versions 12.0.0 through 12.4.30 LTS
TYPO3 versions 13.0.0 through 13.4.11 LTS

Description: The issue affects the database abstraction layer (DBAL) in TYPO3, where frontend user permissions are only applied via FrontendGroupRestriction to the first table in a database query involving multiple tables. This may result in unintentional exposure of data from additional tables to unauthorized users.

Recommendations:
Update to TYPO3 version 9.5.51 ELTS
Update to TYPO3 version 10.4.50 ELTS
Update to TYPO3 version 11.5.44 ELTS
Update to TYPO3 version 12.4.31 LTS
Update to TYPO3 version 13.4.12 LTS

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-06004
CVE-2025-47937
GHSA-X8PV-FGXP-8V3X

Affected Products

Typo3