OS Command Injection Vulnerability in Guardian Language System
CVE-2026-34110
9.3CRITICAL
What is CVE-2026-34110?
The Guardian Language System has a vulnerability where the id parameter from a GET request is passed directly to a PHP exec() function without proper sanitization in complex_start.php. This flaw allows unauthenticated remote attackers to execute arbitrary OS commands by injecting shell metacharacters. By leveraging this vulnerability, attackers can manipulate the server, potentially leading to significant security breaches.
Affected Version(s)
language-system 0
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
philopentest
