Borg SPM 2007 EUVD-2026-25213

| CVE-2026-6887 CRITICAL
SQL Injection (CWE-89)
2026-04-23 twcert
SQLi Borg Spm 2007
9.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 23, 2026 - 10:30 vuln.today
CVSS changed
Apr 23, 2026 - 10:22 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)

DescriptionNVD

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

AnalysisAI

SQL injection in Borg SPM 2007 allows unauthenticated remote attackers to execute arbitrary SQL commands via network requests, enabling complete database compromise including read, modify, and delete operations. This legacy product (sales ended 2008) receives a critical CVSS 9.3 score with network vector, low complexity, and no authentication required. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all systems running Borg SPM 2007 and isolate them from production networks or external connectivity; disable remote access if operationally feasible. Within 7 days: Conduct a forensic audit of database access logs and network traffic to detect compromise; if evidence of exploitation exists, initiate incident response and notify stakeholders. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-25213 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy