CVE-2026-7727
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Summary
A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.0 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.1 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.2 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.3 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.4 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.5 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.6 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.7 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.8 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.9 | affected |
| Shandong Hoteam Software | PDM Product Data Management System | 8.3.10 | unaffected |
Weaknesses
- CWE-89: SQL Injection
- CWE-74: Injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://vuldb.com/vuln/360902
- https://vuldb.com/vuln/360902/cti
- https://vuldb.com/submit/803268
- https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
- https://en.hoteamsoft.com/pdm
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.