SQL Injection Vulnerability in Guardian Language System by Guardian Technologies
CVE-2026-34101

9.3CRITICAL

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34101?

The Guardian Language System is susceptible to an SQL injection vulnerability due to the unsanitized handling of the 'id' parameter in the text_file.php file. An authenticated attacker can manipulate the id parameter to execute arbitrary SQL commands through error-based injection, potentially exposing sensitive database contents. This flaw underscores the importance of implementing proper input validation and prepared statements in database queries to safeguard against such attacks.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.