diff --git a/typo3-sensitive-files.yaml b/typo3-sensitive-files.yaml
new file mode 100644
index 0000000000..f308d9a6d4
--- /dev/null
+++ b/typo3-sensitive-files.yaml
@@ -0,0 +1,26 @@
+id: typo3-sensitive-files
+
+info:
+  name: Typo3 sensitive files
+  author: 0x_Akoko
+  severity: low
+  description: The web application is based on Typo3 CMS. A sensitive file has been found. Access to such files must be restricted, as it may lead to disclosure of sensitive information about the web application.
+  reference: https://docs.typo3.org/m/typo3/guide-installation/master/en-us/In-depth/SystemRequirements/Index.html#nginx
+  tags: typo3,sensitive,files
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/typo3/sysext/install/composer.json'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "The Install Tool mounted as the module Tools>Install in TYPO3."
+      - type: word
+        part: header
+        words:
+          - 200
+