Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be initiated remotely. Upgrading to version 8.3.10 is able to mitigate this issue. You should upgrade the affected component.
AnalysisAI
SQL injection in Shandong Hoteam PDM Product Data Management System versions ≤8.3.9 allows remote unauthenticated attackers to execute arbitrary SQL commands via the SortOrder parameter in the GetQueryMachineGridOnePageData function of /Base/BaseService.asmx/DataService endpoint. The vulnerability enables unauthorized data access, modification, and potential service disruption (CVSS 7.3: C:L/I:L/A:L). Vendor-released patch available in version 8.3.10. EPSS data not available; no CISA KEV listing or public exploit code identified at time of analysis.
Technical ContextAI
This is a classic SQL injection vulnerability (CWE-89) in a .NET ASMX web service endpoint. The affected component is BaseService.asmx/DataService, which appears to be a backend data service for the PDM (Product Data Management) system. The GetQueryMachineGridOnePageData function accepts user-controlled input via the SortOrder parameter, which is directly incorporated into SQL queries without proper sanitization or parameterization. PDM systems typically manage engineering documents, CAD files, and product lifecycle data, making them high-value targets in manufacturing and engineering environments. The .asmx extension indicates legacy ASP.NET Web Services (pre-WCF), which historically lack built-in protections against injection attacks unless developers explicitly implement parameterized queries or stored procedures.
RemediationAI
Upgrade to Shandong Hoteam PDM Product Data Management System version 8.3.10, which vendor confirms addresses this SQL injection vulnerability (patch reference: https://en.hoteamsoft.com/pdm). Organizations unable to immediately upgrade should implement network-level access controls: restrict /Base/BaseService.asmx/DataService endpoint access to authenticated internal IP ranges only via firewall rules or web application firewall policies, blocking external and unauthenticated access entirely (trade-off: breaks any legitimate external integrations relying on this endpoint). Additional compensating control: deploy database activity monitoring to detect SQL injection attempts via anomalous query patterns in PDM database logs, focusing on queries originating from the BaseService component (trade-off: detective rather than preventive, requires 24/7 SOC monitoring). Web application firewall rules can filter malicious SortOrder payloads containing SQL metacharacters, but attackers may bypass signature-based detection (trade-off: maintenance overhead, false positives on legitimate special characters). Validate patch effectiveness post-upgrade by testing the SortOrder parameter with SQL injection payloads in non-production environment.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26881