2 vulnerabilities found for PDM Product Data Management System by Shandong Hoteam Software
CVE-2026-7727 (GCVE-0-2026-7727)
Vulnerability from nvd – Published: 2026-05-04 03:15 – Updated: 2026-05-04 12:54
Title
Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection
Summary
A SQL injection vulnerability was identified in Shandong Hoteam Software PDM Product Data Management System up to and including version 8.3.9. It affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService: manipulating the argument SortOrder results in SQL injection. The attack can be initiated remotely. Version 8.3.10 addresses this issue; upgrade the affected component to that version.
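Severity: 6.9 MEDIUM (CVSS 4.0), 7.3 HIGH (CVSS 3.1 and 3.0), 7.5 (CVSS 2.0), as given in the record below; the vectors specify network access with no privileges and no user interaction required (AV:N, PR:N, UI:N).
Assigner: VulDB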
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360902 | vdb-entry, technical-description |
| https://vuldb.com/vuln/360902/cti | signature, permissions-required |
| https://vuldb.com/submit/803268 | third-party-advisory |
| https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8… | related |
| https://en.hoteamsoft.com/pdm | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Shandong Hoteam Software | PDM Product Data Management System | Affected: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.3.8, 8.3.9. Unaffected: 8.3.10 | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7727",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T12:53:56.950846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T12:54:03.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PDM Product Data Management System",
"vendor": "Shandong Hoteam Software",
"versions": [
{
"status": "affected",
"version": "8.3.0"
},
{
"status": "affected",
"version": "8.3.1"
},
{
"status": "affected",
"version": "8.3.2"
},
{
"status": "affected",
"version": "8.3.3"
},
{
"status": "affected",
"version": "8.3.4"
},
{
"status": "affected",
"version": "8.3.5"
},
{
"status": "affected",
"version": "8.3.6"
},
{
"status": "affected",
"version": "8.3.7"
},
{
"status": "affected",
"version": "8.3.8"
},
{
"status": "affected",
"version": "8.3.9"
},
{
"status": "unaffected",
"version": "8.3.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "red88-debug (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T03:15:27.138Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360902 | Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360902"
},
{
"name": "VDB-360902 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360902/cti"
},
{
"name": "Submit #803268 | Shandong Hoteam Software Co., Ltd. PDM \u003c8.3.10 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803268"
},
{
"tags": [
"related"
],
"url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
},
{
"tags": [
"patch"
],
"url": "https://en.hoteamsoft.com/pdm"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T17:59:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7727",
"datePublished": "2026-05-04T03:15:27.138Z",
"dateReserved": "2026-05-03T15:54:31.734Z",
"dateUpdated": "2026-05-04T12:54:03.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7727 (GCVE-0-2026-7727)
Vulnerability from cvelistv5 – Published: 2026-05-04 03:15 – Updated: 2026-05-04 12:54
Title
Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection
Summary
A SQL injection vulnerability was identified in Shandong Hoteam Software PDM Product Data Management System up to and including version 8.3.9. It affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService: manipulating the argument SortOrder results in SQL injection. The attack can be initiated remotely. Version 8.3.10 addresses this issue; upgrade the affected component to that version.
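Severity: 6.9 MEDIUM (CVSS 4.0), 7.3 HIGH (CVSS 3.1 and 3.0), 7.5 (CVSS 2.0), as given in the record below; the vectors specify network access with no privileges and no user interaction required (AV:N, PR:N, UI:N).
Assigner: VulDB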
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360902 | vdb-entry, technical-description |
| https://vuldb.com/vuln/360902/cti | signature, permissions-required |
| https://vuldb.com/submit/803268 | third-party-advisory |
| https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8… | related |
| https://en.hoteamsoft.com/pdm | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Shandong Hoteam Software | PDM Product Data Management System | Affected: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.3.8, 8.3.9. Unaffected: 8.3.10 | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7727",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T12:53:56.950846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T12:54:03.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PDM Product Data Management System",
"vendor": "Shandong Hoteam Software",
"versions": [
{
"status": "affected",
"version": "8.3.0"
},
{
"status": "affected",
"version": "8.3.1"
},
{
"status": "affected",
"version": "8.3.2"
},
{
"status": "affected",
"version": "8.3.3"
},
{
"status": "affected",
"version": "8.3.4"
},
{
"status": "affected",
"version": "8.3.5"
},
{
"status": "affected",
"version": "8.3.6"
},
{
"status": "affected",
"version": "8.3.7"
},
{
"status": "affected",
"version": "8.3.8"
},
{
"status": "affected",
"version": "8.3.9"
},
{
"status": "unaffected",
"version": "8.3.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "red88-debug (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T03:15:27.138Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360902 | Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360902"
},
{
"name": "VDB-360902 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360902/cti"
},
{
"name": "Submit #803268 | Shandong Hoteam Software Co., Ltd. PDM \u003c8.3.10 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803268"
},
{
"tags": [
"related"
],
"url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
},
{
"tags": [
"patch"
],
"url": "https://en.hoteamsoft.com/pdm"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T17:59:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7727",
"datePublished": "2026-05-04T03:15:27.138Z",
"dateReserved": "2026-05-03T15:54:31.734Z",
"dateUpdated": "2026-05-04T12:54:03.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}