Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Nefteprodukttekhnika BUK TS-G Gas Station Automation System on Linux vulnerable to unauthorized data access
CVE-2026-3843
Summary
A hacker can send malicious requests to the system's configuration module, potentially allowing them to access or modify sensitive data. This could lead to unauthorized changes or the theft of important information. To protect your system, apply updates and ensure your software is up to date.
Original title
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially c...
Original description
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=<query_here>&reload_driver=0) to execute arbitrary SQL commands and potentially achieve remote code execution.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-89
SQL Injection
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026