Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
AnalysisAI
SQL injection in Borg SPM 2007 allows unauthenticated remote attackers to execute arbitrary SQL commands via network requests, enabling complete database compromise including read, modify, and delete operations. This legacy product (sales ended 2008) receives a critical CVSS 9.3 score with network vector, low complexity, and no authentication required. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against network-accessible Borg SPM 2007 installations per CVSS vector AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates maximum exploitability: network-accessible attack surface with low complexity and zero authentication requirements, enabling any remote attacker to exploit this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker identifies an internet-exposed Borg SPM 2007 installation through banner grabbing or reconnaissance of Taiwan-based organizations. Without any authentication, the attacker sends HTTP requests containing SQL injection payloads in user-controllable parameters such as search fields, login forms, or report generation interfaces. … |
| Remediation | No vendor-released patch identified at time of analysis due to the product's end-of-life status (sales ended 2008). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Borg SPM 2007 and isolate them from production networks or external connectivity; disable remote access if operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Borg Spm 2007
View allRemote code execution in Borg SPM 2007 allows unauthenticated attackers to upload and execute web shell backdoors via un
Authentication bypass in Borg SPM 2007 allows remote unauthenticated attackers to impersonate any user and gain complete
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25213