CVE-2026-7727

Summary

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
Shandong Hoteam SoftwarePDM Product Data Management System8.3.0affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.1affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.2affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.3affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.4affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.5affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.6affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.7affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.8affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.9affected
Shandong Hoteam SoftwarePDM Product Data Management System8.3.10unaffected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References