SQL Injection Vulnerability in Online Exam and Assessment by Kodmatic
CVE-2025-4686

8.6HIGH

Key Information:

Vendor: Kodmatic Computer Software Tourism Construction Industry And Trade Ltd. Co.
Status: Online Exam And Assessment
Vendor: CVE Published:; 30 January 2026

🔔 Create Kodmatic Computer Software Tourism Construction Industry And Trade Ltd. Co. Vulnerability Alert

What is CVE-2025-4686?

An SQL Injection vulnerability exists in the Online Exam and Assessment software developed by Kodmatic. This flaw enables attackers to execute arbitrary SQL commands, potentially compromising the database and exposing sensitive data. Despite early notifications, the vendor has not responded regarding this security issue, raising concerns about the safety of users relying on this application.

Affected Version(s)

Online Exam and Assessment 0 <= 30012026

References

https://www.usom.gov.tr/bildirim/tr-26-0010

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2026
Vulnerability Reserved
May 14, 2025

Credit

Hasan Yasin YAŞAR

CVE-2025-4686 Data

JSON