Skip to main content

Pdm Product Data Management System

1 CVEs product

Monthly

CVE-2026-7727 MEDIUM PATCH This Month

SQL injection in Shandong Hoteam PDM Product Data Management System versions ≤8.3.9 allows remote unauthenticated attackers to execute arbitrary SQL commands via the SortOrder parameter in the GetQueryMachineGridOnePageData function of /Base/BaseService.asmx/DataService endpoint. The vulnerability enables unauthorized data access, modification, and potential service disruption (CVSS 7.3: C:L/I:L/A:L). Vendor-released patch available in version 8.3.10. EPSS data not available; no CISA KEV listing or public exploit code identified at time of analysis.

SQLi Pdm Product Data Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

SQL injection in Shandong Hoteam PDM Product Data Management System versions ≤8.3.9 allows remote unauthenticated attackers to execute arbitrary SQL commands via the SortOrder parameter in the GetQueryMachineGridOnePageData function of /Base/BaseService.asmx/DataService endpoint. The vulnerability enables unauthorized data access, modification, and potential service disruption (CVSS 7.3: C:L/I:L/A:L). Vendor-released patch available in version 8.3.10. EPSS data not available; no CISA KEV listing or public exploit code identified at time of analysis.

SQLi Pdm Product Data Management System
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy