diff --git a/exposure/files/typo3-compose.yaml b/misconfiguration/typo3-composer.yaml
similarity index 67%
rename from exposure/files/typo3-compose.yaml
rename to misconfiguration/typo3-composer.yaml
index f21301cdfa..2dcfe0c9f2 100644
--- a/exposure/files/typo3-compose.yaml
+++ b/misconfiguration/typo3-composer.yaml
@@ -6,8 +6,12 @@ info:
   severity: low
   description: |
      The web application is based on Typo3 CMS. A sensitive file has been found. Access to such files must be restricted, as it may lead to disclosure of sensitive information about the web application.
-  reference: https://docs.typo3.org/m/typo3/guide-installation/master/en-us/In-depth/SystemRequirements/Index.html#nginx
-  tags: typo3,cms,exposure,file
+  reference:
+    - https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/9.0/Breaking-83302-ComposerRestrictsInstallationOfTypo3cms.html
+  metadata:
+    verified: true
+    shodan-query: "X-TYPO3-Parsetime: 0ms"
+  tags: typo3,cms,exposure,misconfig
 
 requests:
   - method: GET
@@ -20,6 +24,8 @@ requests:
         part: body
         words:
           - "The Install Tool mounted as the module Tools>Install in TYPO3."
+          - "typo3-cms-framework"
+        condition: and
 
       - type: status
         status: