Exploit for CVE-2026-3843

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=&reload_driver=0) to execute arbitrary SQL commands and potentially achieve remote code execution.

Published: 2026-03-10

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download Exploit for CVE-2026-3843 here:

http://zeroday3sv534ljdendaufcrorz67yg6iujdpaknp6zqgxaevb7okfid.onion/exploit-for-cve-2026-3843.724/

Use Tor Browser to access .onion site.

https://sonitex.com/exploit-568-cve-2026-28451/

https://sonitex.com/exploit-263-cve-2026-25952/

https://sonitex.com/exploit-117-cve-2026-2964/

https://sonitex.com/exploit-433-cve-2024-55026/

https://sonitex.com/exploit-320-cve-2026-3287/