CVE-2026-7727

HIGH

Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection

Title source: cna
STIX 2.1

Description

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-360902 | Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection
https://vuldb.com/vuln/360902
Signature, Permissions Required signature permissions-required
VDB-360902 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360902/cti
Third Party Advisory third-party-advisory
Submit #803268 | Shandong Hoteam Software Co., Ltd. PDM <8.3.10 SQL Injection
https://vuldb.com/submit/803268

Scores

CVSS v3 7.3
EPSS 0.0026
EPSS Percentile 17.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (11)
Shandong Hoteam Software/PDM Product Data Management System 8.3.0
Shandong Hoteam Software/PDM Product Data Management System 8.3.1
Shandong Hoteam Software/PDM Product Data Management System 8.3.10
Shandong Hoteam Software/PDM Product Data Management System 8.3.2
Shandong Hoteam Software/PDM Product Data Management System 8.3.3
Shandong Hoteam Software/PDM Product Data Management System 8.3.4
Shandong Hoteam Software/PDM Product Data Management System 8.3.5
Shandong Hoteam Software/PDM Product Data Management System 8.3.6
Shandong Hoteam Software/PDM Product Data Management System 8.3.7
Shandong Hoteam Software/PDM Product Data Management System 8.3.8
... and 1 more
Published May 04, 2026
Tracked Since May 04, 2026