This vulnerability is a SQL injection (CWE-89) in linlinjava litemall 1.8.0, specifically in the AdminOrderController.java file. An attacker with network access and limited privileges can manipulate the goodsId, goodsSn, and name parameters to execute unauthorized SQL queries, resulting in unauthorized disclosure of sensitive information. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. No patch or official fix information is currently available.

Successful exploitation allows an attacker with limited privileges to retrieve sensitive information from the database, impacting confidentiality. There is no impact on integrity or availability. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected parameters and consider applying input validation or web application firewall rules to detect and block SQL injection attempts targeting goodsId, goodsSn, and name parameters. Monitor for updates from the vendor regarding patches or official mitigations.