Unauthenticated SQL Injection in Guardian Language-System by Asthenic Technologies
CVE-2026-34099

9.3CRITICAL

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34099?

The Guardian Language-System is vulnerable due to improper handling of the GET parameter 'id' in the job_info.php file. This vulnerability allows an unauthenticated attacker to execute an error-based SQL injection, potentially exposing sensitive database information such as the database version, current user, schema names, and the contents of tables. The flaw goes undetected as no authentication is required to exploit it, making it a critical vector for database compromise.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.