CVE-2022-31046
MEDIUM
TYPO3 <7.6.57 ELTS, <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 ...
Title source: llm
Description
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
Patch, Third Party Advisory x_refsource_misc
https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
Vendor Advisory x_refsource_misc
https://typo3.org/security/advisory/typo3-core-sa-2022-001
Scores
CVSS v3
4.3
EPSS
0.0015
EPSS Percentile
34.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
CWE-200
Status
published
Products (4)
typo3/cms
10.0.0 - 10.4.29 (Packagist)
typo3/cms-core
7.0.0 - 7.6.57 (Packagist)
typo3/typo3
10.0.0 - 10.4.29
typo3/typo3
7.0.0 - 7.6.57
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026