CVE-2025-56161
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-30
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yiovo | firefly_mall | From 2.01 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in YOSHOP 2.0 allows unauthenticated users to access sensitive information through the comment-list API endpoints in the Goods module. The Comment model loads related User data without filtering fields, exposing sensitive user information such as bcrypt password hashes, mobile numbers, and financial data (pay_money, expend_money) in JSON responses.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive user information, including password hashes and financial details. This exposure can increase the risk of account compromise, identity theft, financial fraud, and privacy violations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability likely violates data protection regulations such as GDPR and HIPAA by exposing sensitive personal and financial information without proper authorization or consent, potentially leading to non-compliance and legal consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by sending unauthenticated requests to the comment-list API endpoints in the Goods module (e.g., /api/goods.pinglun/list) and inspecting the JSON response for sensitive user information such as bcrypt password hashes, mobile numbers, pay_money, and expend_money fields. Using tools like curl or wget, you can run a command such as:

```bash
curl -X GET http://your-target/api/goods.pinglun/list
```

and then check the response for exposed sensitive fields.
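Inspecting the response by eye does not scale across many endpoints or paginated listings, so here is an added Python check (not BaseFortify's or YOSHOP's code) that walks a saved comment-list JSON body and reports every path holding one of the fields named above, plus any string value shaped like a bcrypt hash regardless of its key. The two response bodies are constructed for the example; their field names follow the advisory, not a captured response.

```python
import json
import re
from typing import Any, Iterator, List, Tuple

# Fields named in the advisory that a public comment listing must never include.
SENSITIVE_FIELDS = {"password", "mobile", "pay_money", "expend_money"}
# Shape of a bcrypt hash: $2a$/$2b$/$2y$, two-digit cost, 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")


def _walk(obj: Any, path: str = "") -> Iterator[Tuple[str, str, Any]]:
    """Yield (json_path, key, value) for every dict key at any nesting depth."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            yield child, key, value
            yield from _walk(value, child)
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            yield from _walk(item, f"{path}[{i}]")


def find_exposed_fields(body: str) -> List[Tuple[str, str]]:
    """Return (json_path, reason) for each sensitive field found in a comment-list JSON body."""
    findings = []
    for path, key, value in _walk(json.loads(body)):
        reasons = []
        if key in SENSITIVE_FIELDS:
            reasons.append(f"sensitive field '{key}'")
        if isinstance(value, str) and BCRYPT_RE.match(value):
            reasons.append("bcrypt hash value")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


# Constructed sample responses (not captured from any real system); the hash is a
# dummy string that merely has bcrypt's shape.
VULNERABLE_RESPONSE = json.dumps({"code": 1, "data": {"list": [{
    "comment_id": 7, "content": "Nice product", "score": 10,
    "user": {"nickName": "alice", "avatarUrl": "/a.png", "mobile": "13800000000",
             "password": "$2y$10$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0",
             "pay_money": "199.00", "expend_money": "20.00"}}]}})
HARDENED_RESPONSE = json.dumps({"code": 1, "data": {"list": [{
    "comment_id": 7, "content": "Nice product", "score": 10,
    "user": {"nickName": "alice", "avatarUrl": "/a.png"}}]}})

if __name__ == "__main__":
    for path, reason in find_exposed_fields(VULNERABLE_RESPONSE):
        print(f"LEAK {path}: {reason}")
    print("hardened response findings:", find_exposed_fields(HARDENED_RESPONSE))
```

An empty result for a response that still embeds a user object is the state the $hidden/$visible fix should produce; any non-empty result is a finding to track until the model filters its fields.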
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the comment-list API endpoints to authenticated users only, implementing proper field filtering in the User model to hide sensitive attributes (e.g., defining $hidden or $visible properties), and reviewing the API routes to ensure sensitive data is not exposed in JSON responses.