6.9
/ 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Description
A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.
Basic Information
ID
CVE-2026-7727
Source
VulDB
Published
May 4, 2026 at 03:15
Affected Product
Vendor
Shandong Hoteam Software
Product
PDM Product Data Management System
Version
8.3.0
Affected Versions
Shandong Hoteam Software PDM Product Data Management System 8.3.0
Shandong Hoteam Software PDM Product Data Management System 8.3.1
Shandong Hoteam Software PDM Product Data Management System 8.3.2
Shandong Hoteam Software PDM Product Data Management System 8.3.3
Shandong Hoteam Software PDM Product Data Management System 8.3.4
Shandong Hoteam Software PDM Product Data Management System 8.3.5
Shandong Hoteam Software PDM Product Data Management System 8.3.6
Shandong Hoteam Software PDM Product Data Management System 8.3.7
Shandong Hoteam Software PDM Product Data Management System 8.3.8
Shandong Hoteam Software PDM Product Data Management System 8.3.9
Shandong Hoteam Software PDM Product Data Management System 8.3.1
Shandong Hoteam Software PDM Product Data Management System 8.3.2
Shandong Hoteam Software PDM Product Data Management System 8.3.3
Shandong Hoteam Software PDM Product Data Management System 8.3.4
Shandong Hoteam Software PDM Product Data Management System 8.3.5
Shandong Hoteam Software PDM Product Data Management System 8.3.6
Shandong Hoteam Software PDM Product Data Management System 8.3.7
Shandong Hoteam Software PDM Product Data Management System 8.3.8
Shandong Hoteam Software PDM Product Data Management System 8.3.9