OS Command Injection in Guardian Language System by Vendor
CVE-2026-34107
9.3CRITICAL
What is CVE-2026-34107?
The Guardian Language System contains a serious vulnerability that allows unauthenticated remote attackers to execute arbitrary operating system commands. This occurs due to improper handling of the 'id' parameter in the translate.php file, where the parameter is directly included in a PHP exec() call without any sanitization measures. An attacker can exploit this flaw by appending shell metacharacters, enabling the execution of potentially harmful commands on the server.
Affected Version(s)
language-system 0
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
philopentest
