CVE-2025-4686

HIGH

Kodmatic Online Exam and Assessment through 30012026 - SQL Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects Online Exam and Assessment: through 30012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec STUB

by sahici · poc

https://github.com/sahici/CVE-2025-4686

View Code ZIP pw:eip

References (1)

[Third Party Advisory, US Government Resource] https://www.usom.gov.tr/bildirim/tr-26-0010

Scores

CVSS v3 8.6

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co./Online Exam and Assessment < 30012026

Published Jan 30, 2026

Tracked Since Feb 18, 2026