Nefteprodukttekhnika BUK TS-G Gas Station Automation System SQL Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in the Nefteprodukttekhnika BUK TS-G Gas Station Automation System version 2.9.1 on Linux. The vulnerability exists in the system configuration module, where a remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint. By manipulating the sql parameter in the application/x-www-form-urlencoded request body, an attacker can execute arbitrary SQL commands. Exploitation could potentially lead to remote code execution.
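For defenders reviewing proxy or WAF logs, the request shape described above can be matched directly. The following is an added example, not code from the advisory or the vendor; it assumes a JSON-per-line log with body capture, the field names (ts, src, method, uri, content_type, body) are assumptions, and the sample lines are constructed.

```python
import json
import posixpath
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/php/request.php"               # endpoint named in the advisory
PARAM = "sql"                               # parameter named in the advisory
FORM = "application/x-www-form-urlencoded"  # body encoding named in the advisory

# Constructed sample log lines; field names are assumptions, not a product format.
SAMPLE_LOG = [
    '{"ts":"2026-03-10T18:01:02Z","src":"192.0.2.10","method":"POST","uri":"/php/request.php","content_type":"application/x-www-form-urlencoded","body":"sql=SELECT+1"}',
    '{"ts":"2026-03-10T18:02:00Z","src":"192.0.2.11","method":"GET","uri":"/php/request.php","content_type":"","body":""}',
    '{"ts":"2026-03-10T18:03:00Z","src":"198.51.100.7","method":"POST","uri":"/php//%72equest.php?x=1","content_type":"application/x-www-form-urlencoded; charset=UTF-8","body":"a=1&%73ql=SELECT+1"}',
    '{"ts":"2026-03-10T18:04:00Z","src":"192.0.2.12","method":"POST","uri":"/php/request.php","content_type":"application/x-www-form-urlencoded","body":"cmd=status"}',
    '{"ts":"2026-03-10T18:05:00Z","src":"192.0.2.13","method":"POST","uri":"/index.php","content_type":"application/x-www-form-urlencoded","body":"sql=1"}',
    'truncated or non-JSON line',
]

def normalize_path(uri):
    """Drop the query string, percent-decode, and collapse //, /./ and /../."""
    path = unquote(uri.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def is_suspect(rec):
    """True when a record matches the advisory's request shape."""
    if rec.get("method", "").upper() != "POST":
        return False
    if normalize_path(rec.get("uri", "")) != ENDPOINT:
        return False
    if not rec.get("content_type", "").lower().startswith(FORM):
        return False
    # parse_qs percent-decodes field names, so an encoded name such as %73ql still matches.
    return PARAM in parse_qs(rec.get("body", ""), keep_blank_values=True)

def flag_requests(lines):
    """Return (timestamp, source) for every matching record; skip unparsable lines."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and is_suspect(rec):
            hits.append((rec.get("ts"), rec.get("src")))
    return hits

if __name__ == "__main__":
    for ts, src in flag_requests(SAMPLE_LOG):
        print(f"{ts} {src} POST {ENDPOINT} carried a '{PARAM}' form field")
```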

Impact

Exploitation of this vulnerability lets an attacker execute arbitrary SQL commands. This could be used to manipulate the database, extract sensitive information, or, in some cases, achieve remote code execution.

Added: Mar 10, 2026, 6:27 PM
Updated: Mar 10, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.0
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.