Incorrect Authorization

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of FrontendGroupRestriction in multi-table database queries. An attacker can access data from additional tables...

CVE-2025-47937 TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...