CVE-2025-4688 CRITICAL

CVE-2025-4688: SQLi in BGS Interactive's SINAV.LINK Exam Result Module

Vendor Bgs Interactive

Product SINAV.LINK Exam Result Module

Weakness CWE-89 · SQLi

Published September 16, 2025

Last update June 5, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK Exam Result Module: before 1.2.

Key dates

02Disclosure timeline

September 16, 2025 CVE published

June 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4688

Related vulnerabilities

04Related CVE

CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection CVE-2025-6606 SourceCodester Best Salon Management System add-services.php sql injection CVE-2021-24403 WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection CVE-2025-7833 code-projects Church Donation System giving.php sql injection CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter