3 matches found
CVE-2025-56161
YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields bcrypt password hash, mobile...
CVE-2025-56161
YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields bcrypt password hash, mobile...
CVE-2025-56161
Summary of CVE-2025-56161 (YOSHOP 2.0): Unauthenticated information disclosure via the Goods module’s comment-list endpoints. The Comment model eagerly loads the related User model without field filtering, and since User.php defines no $hidden or $visible attributes, sensitive fields (bcrypt pass...