CVE-2026-7727

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published May 04, 2026

Vendor unknown

Description

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.

References

https://en.hoteamsoft.com/pdm
https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
https://vuldb.com/submit/803268
https://vuldb.com/vuln/360902
https://vuldb.com/vuln/360902/cti