CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be init...

high 7.3 CVSS 3.1

Published: May 4, 2026

Modified: May 4, 2026

Description

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.

References

https://en.hoteamsoft.com/pdm
https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
https://vuldb.com/submit/803268
https://vuldb.com/vuln/360902
https://vuldb.com/vuln/360902/cti
https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh

Version	3.1
Score	7.3 / 10
Severity	high