SQL Injection Vulnerability in Guardian Language System Media.php
CVE-2026-34100

9.3CRITICAL

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34100?

The Guardian Language System contains a SQL injection vulnerability that arises from the unsanitized inclusion of the 'id' GET parameter in the SQL query within the media.php file. An authenticated attacker can exploit this vulnerability to execute malicious SQL queries, potentially leading to the exposure of sensitive database contents. Proper input validation and sanitization measures should be implemented to mitigate the risk associated with this vulnerability.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.