Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Published: 2026-04-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Data Compromise
Action: Replace Product
AI Analysis

Impact

Borg SPM 2007 contains a SQL Injection flaw that lets unauthenticated remote attackers run arbitrary SQL statements, enabling them to read, modify, and delete data stored in the database. The weakness, identified as CWE‑89, lets an attacker bypass all authentication controls and directly influence the database contents, potentially exposing sensitive information and altering system state.

Affected Systems

The vulnerability affects Borg SPM 2007 from BorG Technology Corporation. No specific version range is listed, but the product was discontinued in 2008 and remains vulnerable.

Risk and Exploitability

The CVSS score is 9.3, indicating a high severity. The EPSS score is below 1 %, suggesting a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely without needing credentials, making the risk persistent for any systems still running the unsupported product.

Generated by OpenCVE AI on April 28, 2026 at 14:55 UTC.

Remediation

Vendor Solution

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

OpenCVE Recommended Actions

  • Replace Borg SPM 2007 with a supported solution or discontinue usage.
  • Segregate the application server from the internet and restrict inbound traffic to only trusted sources.
  • Deploy a web‑application firewall or implement strict input validation to block malicious SQL patterns.

Generated by OpenCVE AI on April 28, 2026 at 14:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Borg Technology Corporation
Borg Technology Corporation borg Spm 2007
Vendors & Products Borg Technology Corporation
Borg Technology Corporation borg Spm 2007

Thu, 23 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Description Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Title BorG Technology Corporation|Borg SPM 2007 - SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Borg Technology Corporation Borg Spm 2007
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-23T12:09:21.841Z

Reserved: 2026-04-23T02:43:18.965Z

Link: CVE-2026-6887

cve-icon Vulnrichment

Updated: 2026-04-23T12:09:14.986Z

cve-icon NVD

Status : Deferred

Published: 2026-04-23T10:16:18.527

Modified: 2026-05-19T15:52:30.143

Link: CVE-2026-6887

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T15:00:14Z

Weaknesses