Improper Authorization

TYPO3 CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the CSV download feature, which allows an attacker to disclose information from arbitrary database tables within a user’s web mounts without having proper access...

EUVD-2025-27226

Malicious code in bioql PyPI...

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

GHSA-J8VM-7Q52-2M2M TYPO3 CSV download feature information disclosure

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

TYPO3 CSV download feature information disclosure

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVE-2025-59019

Missing authorization checks in TYPO3’s CSV download feature (CVE-2025-59019) allows backend users to disclose information from arbitrary database tables within their web mounts. Affected are TYPO3 CMS versions: 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. Root cause is an authorization ga...

TYPO3 11.0.0 < 11.5.48 ELTS / 12.0.0 < 12.4.37 / 13.0.0 < 13.4.18 (TYPO3-CORE-SA-2025-023)

The version of TYPO3 installed on the remote host is 11.0.0 prior to 11.5.48 ELTS / 12.0.0 prior to 12.4.37 / 13.0.0 prior to 13.4.18. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-023 advisory. - Missing authorization checks in the CSV download feature of...

PT-2025-36695

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The CSV download feature lacks proper authorization checks. This allows backend users to disclose...