CVE 8.7 HIGH

Flowring｜Docpedia – SQL Injection_CVE-2026-2094

February 10, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

AI Analysis

SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands

Basic Information

ID CVE-2026-2094

Source twcert

Published Feb 10, 2026 at 06:47

Affected Product

Vendor Flowring

Product Docpedia

Version 3.0

Affected Versions Flowring Docpedia 3.0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Flowring

Product Docpedia

Version 3.0

References

{
    "lastseen": "",
    "description": "Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.",
    "published": "2026-02-10T06:47:48.118Z",
    "modified": "2026-02-10T06:47:48.118Z",
    "type": "cve",
    "title": "Flowring\uff5cDocpedia - SQL Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10697-6a30b-1.html\nhttps://www.twcert.org.tw/en/cp-139-10698-1ab75-2.html",
    "id": "CVE-2026-2094",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Flowring Docpedia 3.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Docpedia",
    "version": "3.0",
    "vendor": "Flowring",
    "ai_description": "SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands",
    "ai_severity": "High",
    "ai_vendor": "Flowring",
    "ai_product": "Docpedia",
    "ai_version": "3.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply