Linlinjava · Litemall · CVE-2024-46382
**Name of the Vulnerable Software and Affected Versions**
linlinjava litemall version 1.8.0
**Description**
A SQL injection issue allows a remote attacker to obtain sensitive information via the `goodsId`, `goodsSn`, and `name` parameters in `AdminGoodscontroller.java`. This could potentially lead to unauthenticated remote code execution. It is recommended to review code for similar vulnerabilities and audit logs for signs of exploitation.
**Recommendations**
For linlinjava litemall version 1.8.0, consider temporarily disabling the functionality provided by `AdminGoodscontroller.java` until a patch is available. Restrict access to the vulnerable parameters `goodsId`, `goodsSn`, and `name` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
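The log audit recommended in the description can start with a scan of web access logs for the three named parameters. The script below is an added example, not code from the advisory or from the litemall project. It assumes combined-format access logs that record query strings, assumes `goodsId` is an integer in legitimate traffic, and uses `/EXAMPLE-PATH` as a placeholder route with constructed log lines.

```python
import re
from urllib.parse import parse_qsl, urlsplit

WATCHED = {"goodsId", "goodsSn", "name"}   # parameters named in the advisory
NUMERIC_ONLY = {"goodsId"}                 # assumption: an integer in normal traffic
# Quotes, statement separators, comment markers and query keywords (heuristic).
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(?:union|select|sleep|benchmark)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; /EXAMPLE-PATH is a placeholder, not a litemall route.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /EXAMPLE-PATH/list?goodsId=1181000&page=1 HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2025:10:00:07 +0000] "GET /EXAMPLE-PATH/list?goodsId=1%20OR%201%3D1 HTTP/1.1" 200 9041
203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /EXAMPLE-PATH/list?name=shirt%27%20UNION%20SELECT%20null--+ HTTP/1.1" 500 87
203.0.113.5 - - [01/Jan/2025:10:01:00 +0000] "GET /EXAMPLE-PATH/list?name=cotton+towel&goodsSn=1006002 HTTP/1.1" 200 733
"""


def audit_line(line):
    """Return [(param, decoded_value, reason), ...] for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    query = urlsplit(match.group(1)).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key not in WATCHED or value == "":
            continue
        if key in NUMERIC_ONLY and not (value.isascii() and value.isdigit()):
            findings.append((key, value, "non-numeric goodsId"))
        elif SUSPICIOUS.search(value):
            findings.append((key, value, "SQL metacharacter or keyword"))
    return findings


def audit_log(text):
    """Return [(line_number, findings), ...] for lines with at least one finding."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        findings = audit_line(line)
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in audit_log(SAMPLE_LOG):
        for param, value, reason in findings:
            print(f"line {number}: {param}={value!r} ({reason})")
```

Because `name` is free text, a hit on a lone apostrophe needs manual triage. Parameters sent in a request body do not appear in access logs and need application or WAF logs instead.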