CVE-2026-6887
Published 2026-04-23
CVE-2026-6887: Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to…
Priority: P267 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.36% (27.7th percentile)
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| borg_technology_corporation | borg_spm_2007 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-m76h-rrc9-vvgj: Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attack
ghsa_unreviewed·2026-04-23
CVE-2026-6887 [CRITICAL] CWE-89 GHSA-m76h-rrc9-vvgj: Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attack
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
VulDB
BorG SPM 2007 sql injection (EUVD-2026-25213)
vuldb·2026-04-23·CVSS 9.3
CVE-2026-6887 [CRITICAL] BorG SPM 2007 sql injection (EUVD-2026-25213)
A vulnerability was found in BorG SPM 2007. It has been rated as critical. The impacted element is an unknown function. The manipulation leads to sql injection.
This vulnerability is referenced as CVE-2026-6887. Remote exploitation of the attack is possible. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-23
Published