Submit #803268: Shandong Hoteam Software Co., Ltd. PDM <8.3.10 SQL Injectioninfo

TitleShandong Hoteam Software Co., Ltd. PDM <8.3.10 SQL Injection
DescriptionA critical SQL injection vulnerability has been identified in Shandong Hoteam Software Co., Ltd. Hoteam PDM. The vulnerability exists in the /Base/BaseService.asmx/DataService endpoint, which is accessible without authentication. The issue lies in the handling of the SortOrder parameter within the GetQueryMachineGridOnePageData service URI. By crafting a malicious JSON payload, a remote, unauthenticated attacker can inject arbitrary SQL commands into the backend SQL Server database.
Source⚠️ https://ucn9h68n9289.feishu.cn/wiki/KvbxwRlmRihO8ZkT1E1c64pdngh
User
 Anonymous User
Submission04/13/2026 04:20 (3 months ago)
Moderation05/03/2026 17:54 (21 days later)
StatusAccepted
VulDB entry360902 [Shandong Hoteam Software PDM Product Data Management System up to 8.3.9 DataService GetQueryMachineGridOnePageData SortOrder sql injection]
Points20

Do you know our Splunk app?

Download it now for free!