Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-7727
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-04 May, 2026 | 03:15
Updated At-04 May, 2026 | 12:54
Rejected At-
▼CVE Numbering Authority (CNA)
Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.

Affected Products
Vendor
Shandong Hoteam Software
Product
PDM Product Data Management System
Versions
Affected
  • 8.3.0
  • 8.3.1
  • 8.3.2
  • 8.3.3
  • 8.3.4
  • 8.3.5
  • 8.3.6
  • 8.3.7
  • 8.3.8
  • 8.3.9
Unaffected
  • 8.3.10
Problem Types
TypeCWE IDDescription
CWECWE-89SQL Injection
CWECWE-74Injection
Type: CWE
CWE ID: CWE-89
Description: SQL Injection
Type: CWE
CWE ID: CWE-74
Description: Injection
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
3.07.3HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
2.07.5N/A
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
Version: 2.0
Base score: 7.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
red88-debug (VulDB User)
Timeline
EventDate
Advisory disclosed2026-05-03 00:00:00
VulDB entry created2026-05-03 02:00:00
VulDB entry last update2026-05-03 17:59:39
Event: Advisory disclosed
Date: 2026-05-03 00:00:00
Event: VulDB entry created
Date: 2026-05-03 02:00:00
Event: VulDB entry last update
Date: 2026-05-03 17:59:39
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/vuln/360902
vdb-entry
technical-description
https://vuldb.com/vuln/360902/cti
signature
permissions-required
https://vuldb.com/submit/803268
third-party-advisory
https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
related
https://en.hoteamsoft.com/pdm
patch
Hyperlink: https://vuldb.com/vuln/360902
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/360902/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/803268
Resource:
third-party-advisory
Hyperlink: https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
Resource:
related
Hyperlink: https://en.hoteamsoft.com/pdm
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
exploit
Hyperlink: https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
Resource:
exploit
Details not found