CVE-2026-7727
HIGH 7.3
Description
A SQL injection vulnerability was found in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. It affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService: manipulating the argument SortOrder causes SQL injection. The attack can be initiated remotely. Upgrading to version 8.3.10 mitigates this issue; upgrade the affected component.
CVE Details
CVSS v3.1 score: 7.3
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/4/2026
Last modified: 5/4/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-74, CWE-89
References
https://en.hoteamsoft.com/pdm (cna@vuldb.com)
https://vuldb.com/submit/803268 (cna@vuldb.com)
https://vuldb.com/vuln/360902 (cna@vuldb.com)
https://vuldb.com/vuln/360902/cti (cna@vuldb.com)
https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.