CVE-2026-2093 HIGH

CVE-2026-2093: Flowring｜Docpedia - SQL Injection

Vendor Flowring

Product Docpedia

Weakness CWE-89 · SQLi

Published February 10, 2026

Last update February 10, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Key dates

02Disclosure timeline

February 10, 2026 CVE published

February 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-2093 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-47587 WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability CVE-2023-0706 SourceCodester Medical Certificate Generator App manage_record.php sql injection CVE-2025-6822 code-projects Inventory Management System removeProduct.php sql injection CVE-2025-5650 1000projects Online Notice Board register.php sql injection CVE-2025-34136 Commvault CommServe Web Server Unauthenticated SQL Injection