SQL Injection Vulnerability in Guardian Language System by Guardian
CVE-2026-34103

9.3CRITICAL

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34103?

A SQL injection vulnerability exists in the Guardian Language System where the id parameter from the GET request is directly passed into an unsanitized SQL query within subtitles.php. This flaw allows an authenticated attacker to conduct error-based SQL injection attacks, potentially enabling them to retrieve sensitive database information. Organizations using this system need to implement security measures to sanitize input and protect against unauthorized database access.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.