OS Command Injection in Guardian Language-System by Vendor
CVE-2026-34114
9.3CRITICAL
What is CVE-2026-34114?
The Guardian Language-System is vulnerable to an OS command injection through the 'id' parameter in the translate_text.php script. The application directly processes user input without proper sanitization, allowing an unauthenticated attacker to append malicious shell commands. This can lead to arbitrary command execution on the server, posing a significant security risk. Mitigation strategies should include input validation and sanitization to prevent exploitation.
Affected Version(s)
language-system 0
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
philopentest
