CVE-2025-4686
Time-Based Blind SQLi in Kodmatic Computer's Online Exam and Assessment
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
12th
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects Online Exam and Assessment: through 30012026.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-89 |
| Vendor | kodmatic computer software tourism construction industry and trade ltd. co. |
| Product | online exam and assessment |
| Published | Jan 30, 2026 |
| Last Updated | Mar 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for kodmatic computer software tourism construction industry and trade ltd. co. online exam and assessment
Be the first to know when new high vulnerabilities affecting kodmatic computer software tourism construction industry and trade ltd. co. online exam and assessment are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Affected Versions
Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. / Online Exam and Assessment
0 β€ 30012026
References
Credits
Hasan Yasin YAΕAR