
    2 vulnerabilities by Shandong Hoteam Software

    CVE-2026-7727 (GCVE-0-2026-7727)

    Vulnerability from nvd – Published: 2026-05-04 03:15 – Updated: 2026-05-04 12:54
    VLAI
    Title
    Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection
    Summary
    A vulnerability was found in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. It affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. Manipulating the argument SortOrder leads to SQL injection. The attack can be initiated remotely. Upgrading to version 8.3.10 mitigates this issue; upgrading the affected component is recommended.
    SSVC
    Exploitation: poc; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    Shandong Hoteam Software | PDM Product Data Management System | Affected: 8.3.0
    Affected: 8.3.1
    Affected: 8.3.2
    Affected: 8.3.3
    Affected: 8.3.4
    Affected: 8.3.5
    Affected: 8.3.6
    Affected: 8.3.7
    Affected: 8.3.8
    Affected: 8.3.9
    Unaffected: 8.3.10
    Credits
    red88-debug (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7727",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T12:53:56.950846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T12:54:03.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PDM Product Data Management System",
              "vendor": "Shandong Hoteam Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.3.0"
                },
                {
                  "status": "affected",
                  "version": "8.3.1"
                },
                {
                  "status": "affected",
                  "version": "8.3.2"
                },
                {
                  "status": "affected",
                  "version": "8.3.3"
                },
                {
                  "status": "affected",
                  "version": "8.3.4"
                },
                {
                  "status": "affected",
                  "version": "8.3.5"
                },
                {
                  "status": "affected",
                  "version": "8.3.6"
                },
                {
                  "status": "affected",
                  "version": "8.3.7"
                },
                {
                  "status": "affected",
                  "version": "8.3.8"
                },
                {
                  "status": "affected",
                  "version": "8.3.9"
                },
                {
                  "status": "unaffected",
                  "version": "8.3.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "red88-debug (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T03:15:27.138Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-360902 | Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/360902"
            },
            {
              "name": "VDB-360902 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/360902/cti"
            },
            {
              "name": "Submit #803268 | Shandong Hoteam Software Co., Ltd. PDM \u003c8.3.10 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803268"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://en.hoteamsoft.com/pdm"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-03T17:59:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7727",
        "datePublished": "2026-05-04T03:15:27.138Z",
        "dateReserved": "2026-05-03T15:54:31.734Z",
        "dateUpdated": "2026-05-04T12:54:03.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7727 (GCVE-0-2026-7727)

    Vulnerability from cvelistv5 – Published: 2026-05-04 03:15 – Updated: 2026-05-04 12:54
    VLAI
    Title
    Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection
    Summary
    A vulnerability was found in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. It affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. Manipulating the argument SortOrder leads to SQL injection. The attack can be initiated remotely. Upgrading to version 8.3.10 mitigates this issue; upgrading the affected component is recommended.
    SSVC
    Exploitation: poc; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    Shandong Hoteam Software | PDM Product Data Management System | Affected: 8.3.0
    Affected: 8.3.1
    Affected: 8.3.2
    Affected: 8.3.3
    Affected: 8.3.4
    Affected: 8.3.5
    Affected: 8.3.6
    Affected: 8.3.7
    Affected: 8.3.8
    Affected: 8.3.9
    Unaffected: 8.3.10
    Credits
    red88-debug (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7727",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T12:53:56.950846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T12:54:03.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PDM Product Data Management System",
              "vendor": "Shandong Hoteam Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.3.0"
                },
                {
                  "status": "affected",
                  "version": "8.3.1"
                },
                {
                  "status": "affected",
                  "version": "8.3.2"
                },
                {
                  "status": "affected",
                  "version": "8.3.3"
                },
                {
                  "status": "affected",
                  "version": "8.3.4"
                },
                {
                  "status": "affected",
                  "version": "8.3.5"
                },
                {
                  "status": "affected",
                  "version": "8.3.6"
                },
                {
                  "status": "affected",
                  "version": "8.3.7"
                },
                {
                  "status": "affected",
                  "version": "8.3.8"
                },
                {
                  "status": "affected",
                  "version": "8.3.9"
                },
                {
                  "status": "unaffected",
                  "version": "8.3.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "red88-debug (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T03:15:27.138Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-360902 | Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/360902"
            },
            {
              "name": "VDB-360902 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/360902/cti"
            },
            {
              "name": "Submit #803268 | Shandong Hoteam Software Co., Ltd. PDM \u003c8.3.10 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803268"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://en.hoteamsoft.com/pdm"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-03T17:59:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7727",
        "datePublished": "2026-05-04T03:15:27.138Z",
        "dateReserved": "2026-05-03T15:54:31.734Z",
        "dateUpdated": "2026-05-04T12:54:03.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }