SQL Injection Vulnerability in Guardian Language System
CVE-2026-34105
9.3CRITICAL
What is CVE-2026-34105?
The Guardian Language System is vulnerable to SQL injection due to the direct inclusion of the id parameter from GET requests into an unsanitized SQL query in the translate_text.php script. An authenticated attacker can exploit this flaw, allowing them to manipulate the SQL query and potentially gain unauthorized access to sensitive database information. Proper sanitization and parameterization of SQL queries are essential to mitigate this vulnerability and safeguard against similar threats.
Affected Version(s)
language-system 0
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
philopentest
