Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Vulnerability Alert】Borg Technology|Borg SPM 2007 - Contains 3 Vulnerabilities

publish date : 2026-04-30 update date : 2026-04-30

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026042704044646 Publication Time 2026/04/27 16:45
Incident Type ANA-Vulnerability Alert Discovery Time 2026/04/27 16:45
Impact Level Low  
[Subject]
【Vulnerability Alert】Borg Technology|Borg SPM 2007 - Contains 3 Vulnerabilities
[Content]
Forwarded from TWCERTCC-200-202604-00000026

【Borg Technology|Borg SPM 2007 - Arbitrary File Upload】(CVE-2026-6885, CVSS: 9.8) An unauthenticated remote attacker can upload and execute a web backdoor program, thereby executing arbitrary code on the server side.

【Borg Technology|Borg SPM 2007 - Authentication Bypass】(CVE-2026-6886, CVSS: 9.8) An unauthenticated remote attacker can log in to the system as any user.

【Borg Technology|Borg SPM 2007 - SQL Injection】(CVE-2026-6887, CVSS: 9.8) An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.


(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]

Borg SPM 2007 (discontinued in 2008)
[Recommended Actions]

Regardless of the system version, customers who continue to have a signed maintenance contract should contact the vendor for assistance with patching, or upgrade to the latest version of the system (SPM2025 SP1 has passed source code scanning).

Users who have not signed a maintenance contract and are still continuing to use this version of the system should contact the vendor to discuss subsequent handling matters.
[Reference]
https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print