CVE-2026-2093
7.5 HIGH
Published 2026-02-10 · Modified 2026-02-10 · Received
Quick Summary
A SQL injection vulnerability exists in the Docpedia software from Flowring, allowing attackers to send specially crafted commands directly to the database. This is a serious flaw because it can be exploited remotely without needing a login.
Who is affected
Any organization using the vulnerable Docpedia software is affected. An attacker could read sensitive information from the database, such as user credentials or private documents.
Recommended fix
Immediately apply any security patches provided by Flowring. If a patch is not available, implement strict input validation and use parameterized queries to block malicious SQL commands.
Technical Description
Docpedia, developed by Flowring, has a SQL injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands and read database contents.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-89