A critical SQL injection vulnerability affects Borg SPM 2007, a sales performance management software developed by BorG Technology Corporation. The product reached end-of-life with sales discontinued in 2008, leaving no supported remediation path. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands with full database access—enabling unauthorized read, modification, [truncated]
CRITICALBorG Technology CorporationCVE published 2026-04-23
A critical authentication bypass vulnerability in Borg SPM 2007, a sales performance management software whose sales ended in 2008, allows unauthenticated remote attackers to authenticate as any user. The vulnerability was published on April 23, 2026, and last modified on May 19, 2026. The product is no longer supported, and no patches are available. Organizations should remove or isolate affected systems [truncated]
CRITICALBorG Technology CorporationCVE published 2026-04-23
A critical arbitrary file upload vulnerability in Borg SPM 2007, a product whose sales ended in 2008, allows unauthenticated remote attackers to upload and execute web shell backdoors, resulting in arbitrary code execution on affected servers. The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Given the product's end-of-life status and the critical severity (CVSS [truncated]
