
Lina Wolf

#51284 of 53,639
4.3 Total CVSS
Vulnerabilities · 1
PT-2022-20484
4.3
2022-06-14
Typo3 · Typo3 · CVE-2022-31046
**Name of the Vulnerable Software and Affected Versions**

- TYPO3 versions prior to 7.6.57 ELTS
- TYPO3 versions prior to 8.7.47 ELTS
- TYPO3 versions prior to 9.5.34 ELTS
- TYPO3 versions prior to 10.4.29
- TYPO3 versions prior to 11.5.11

**Description**

The export functionality in TYPO3 fails to limit the result set to allowed columns of a particular database table, allowing authenticated users to export internal details of database tables they already have access to.

**Recommendations**

- For versions prior to 7.6.57 ELTS, update to version 7.6.57 ELTS or later.
- For versions prior to 8.7.47 ELTS, update to version 8.7.47 ELTS or later.
- For versions prior to 9.5.34 ELTS, update to version 9.5.34 ELTS or later.
- For versions prior to 10.4.29, update to version 10.4.29 or later.
- For versions prior to 11.5.11, update to version 11.5.11 or later.

As a temporary workaround, consider denying access to the export functionality for regular backend users by setting the `options.impexp.enableExportForNonAdminUser` to 0 in the User TSconfig.