Yoshop 安全漏洞

Yoshop is a Chinese yiovo open source e-commerce system. A security vulnerability exists in Yoshop version 2.0, which stems from unauthenticated information leakage from the comment list API endpoint, which may lead to the exposure of sensitive fields...

CVE-2025-56161

YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields bcrypt password hash, mobile...