CVE-2026-6887
BorG Technology Corporation · SPM 2007
The legacy Borg SPM 2007 application is susceptible to an unauthenticated SQL injection vulnerability, potentially allowing full database compromise.
Executive summary
An unauthenticated SQL injection vulnerability in the end-of-life Borg SPM 2007 software poses a critical risk of unauthorized database access and data exfiltration.
Vulnerability
The application fails to properly sanitize user-supplied input before executing database queries. This allows an unauthenticated, remote attacker to perform SQL injection attacks to read, modify, or delete sensitive data stored in the backend database.
Business impact
This vulnerability allows for total compromise of the database, leading to potential theft of intellectual property, customer PII, and loss of data integrity. Given the 9.8 CVSS score, the risk is extreme, particularly for organizations still relying on this unsupported, end-of-life software.
Remediation
Immediate Action: Because this product reached end-of-life in 2008, the recommended action is to decommission the software and migrate to a modern, supported alternative.
Proactive Monitoring: Implement database activity monitoring to detect unauthorized queries or abnormal access patterns that deviate from standard application behavior.
Compensating Controls: Deploy a Web Application Firewall (WAF) with strict SQL injection rule sets to block malicious traffic directed at the application.
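The Proactive Monitoring item above recommends flagging queries that deviate from standard application behavior; one way to do that is to compare the shape of each logged statement against a baseline of shapes the application is known to issue. This is an added example, not part of the original advisory or any vendor code; the table names, client addresses and log entries are constructed, since the advisory does not describe the application's schema or log format.

```python
import re

# Constructed baseline: statements the application is known to issue (hypothetical schema).
BASELINE_QUERIES = [
    "SELECT id, name FROM projects WHERE owner_id = 42",
    "SELECT * FROM users WHERE login = 'alice' AND active = 1",
    "UPDATE tasks SET status = 'done' WHERE id = 7",
]

# Constructed sample of database activity log entries: (client address, statement).
OBSERVED = [
    ("10.0.0.5", "SELECT id, name FROM projects WHERE owner_id = 913"),
    ("10.0.0.5", "select * from users where login = 'bob'  and active = 1"),
    ("10.0.0.9", "SELECT * FROM users WHERE login = '' OR '1'='1' AND active = 1"),
    ("10.0.0.9", "SELECT id, name FROM projects WHERE owner_id = 1 "
                 "UNION SELECT login, pw FROM users"),
]

def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape: literals become '?', case and spacing normalized."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)    # string literals ('' is an escaped quote)
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)   # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

def build_baseline(queries):
    """Set of query shapes considered normal application behavior."""
    return {fingerprint(q) for q in queries}

def find_deviations(observed, baseline):
    """Return (client, statement) pairs whose shape is absent from the baseline."""
    return [(c, q) for c, q in observed if fingerprint(q) not in baseline]

if __name__ == "__main__":
    for client, stmt in find_deviations(OBSERVED, build_baseline(BASELINE_QUERIES)):
        print(f"ALERT unexpected query shape from {client}: {stmt}")
```

Legitimate parameter changes keep the same fingerprint, while input that alters the query structure produces a new one, so the baseline should be built from a period of known-good traffic.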
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
As the software is long past its end-of-life, a vendor patch is unlikely. Organizations must prioritize the migration away from this legacy platform, as it remains highly vulnerable to trivial exploitation by unauthenticated actors.