Borg Spm 2007

3 CVEs product

Monthly

CVE-2026-6887 CRITICAL Act Now

SQL injection in Borg SPM 2007 allows unauthenticated remote attackers to execute arbitrary SQL commands via network requests, enabling complete database compromise including read, modify, and delete operations. This legacy product (sales ended 2008) receives a critical CVSS 9.3 score with network vector, low complexity, and no authentication required. Taiwan CERT issued advisories identifying this as a SQL injection vulnerability affecting an end-of-life business management system, though no active exploitation evidence (KEV) or public exploit code has been identified at time of analysis.

SQLi Borg Spm 2007
NVD VulDB
CVSS 4.0: 9.3
EPSS: 0.1%

CVE-2026-6886 CRITICAL Act Now

Authentication bypass in Borg SPM 2007 allows remote unauthenticated attackers to impersonate any user and gain complete system access without credentials. This discontinued product (sales ended 2008) presents maximum network exposure (CVSS:4.0 9.3, AV:N/AC:L/PR:N) with trivial exploitation conditions. While no CISA KEV listing exists, the simplicity of exploitation combined with complete system compromise (VC:H/VI:H/VA:H) makes this critical for organizations still running this legacy software, though real-world deployment is likely minimal given that the product was discontinued 18 years ago.

Authentication Bypass Borg Spm 2007
NVD VulDB
CVSS 4.0: 9.3
EPSS: 0.2%

CVE-2026-6885 CRITICAL Act Now

Remote code execution in Borg SPM 2007 allows unauthenticated attackers to upload and execute web shell backdoors via an unrestricted file upload vulnerability. This discontinued product (sales ended 2008) remains exploitable over the network with no authentication required, enabling full server compromise. CVSS 9.3 (Critical) with network vector, low complexity, and no privileges required. EPSS and KEV data are not available for this CVE, but the trivial attack requirements (AV:N/AC:L/PR:N/UI:N) indicate high exploitability if exposed systems exist.

RCE File Upload Borg Spm 2007
NVD VulDB
CVSS 4.0: 9.3
EPSS: 0.2%