Home / Vulnerability Intelligence / CVE-2026-3843

CVE-2026-3843 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 11, 2026

Nefteprodukttekhnika BUK TS-G Gas Station Automation System - SQL Injection

Published: March 10, 2026Updated: March 11, 2026Remote Exploitable

Overview

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a sql injection caused by improper sanitization of the sql parameter in /php/request.php, letting remote attackers execute arbitrary SQL commands and potentially remote code execution, exploit requires crafted HTTP POST requests.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 44.3%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary SQL commands and potentially achieve remote code execution, risking full system compromise.

Mitigation

Update to the latest version or apply vendor patches addressing the SQL injection vulnerability.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 10, 2026

🔴 CVE-2026-3843 - Critical (9.8) Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3843/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3843
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: unconfirmed
EPSS: 44.3%
Social Posts: 1

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

44.3%Probability of exploitation in the next 30 days