Description
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Guardian language-system component contains an unauthenticated SQL injection flaw in job_info.php, where the id GET parameter is concatenated directly into an unsanitized query. This permits an attacker to execute arbitrary SQL statements without credentials, enabling error-based extraction of database metadata such as version, current user, schema names, and table contents. The weakness aligns with CWE-89 and can lead to full database compromise.

Affected Systems

The vulnerability affects all releases of the Guardian language-system component. No specific affected versions are listed, so any deployment of this software that exposes job_info.php is potentially vulnerable. Administrators should assess whether the interface is publicly reachable.

Risk and Exploitability

The CVSS score of 9.3 indicates a high-impact vulnerability affecting confidentiality, integrity, and availability. The lack of an EPSS score means the current exploitation probability is unknown, and the issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a web request to job_info.php with a crafted id parameter. If exploited, an attacker could read sensitive data from the database, potentially leading to data exfiltration or further exploitation of related services.

Generated by OpenCVE AI on July 1, 2026 at 18:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor-supplied patch or update to the latest version of Guardian language-system.
  • If no patch is available, restrict access to job_info.php to authenticated users only or remove the endpoint from public exposure.
  • Sanitize the id parameter in code, for example by using prepared statements or parameterized queries, and enforce strict input validation.
  • Monitor application logs for unexpected SQL error messages and block malicious IPs as necessary.
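The third recommended action above, rebuilt as working code. This is an added example and not the Guardian language-system project's own source: it assumes an open mysqli connection in $db and a jobs table whose id column is an integer (the CVE text quotes the query but does not state the column type). The first function reproduces the concatenation pattern the description quotes; the second replaces it with integer validation plus a bound parameter.

```php
<?php
// Added example, not the Guardian language-system project's code.
// Assumptions: $db is a connected mysqli instance, and jobs.id is an
// integer primary key (not stated in the CVE record).

// Vulnerable pattern as quoted in the CVE description: the raw GET value is
// spliced into the SQL string, so a quote in the parameter changes the
// structure of the query instead of being treated as data.
function job_info_vulnerable(mysqli $db, array $get): ?array
{
    $sql = "SELECT * FROM jobs where id = '" . $get['id'] . "'";
    $res = $db->query($sql);          // any SQL error here reflects the injected text
    return $res ? $res->fetch_assoc() : null;
}

// Hardened replacement: validate the input as a positive integer first, then
// bind it as a typed parameter so the server never parses it as SQL.
function job_info_safe(mysqli $db, array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);      // reject malformed ids instead of guessing
        return null;
    }

    $stmt = $db->prepare('SELECT * FROM jobs WHERE id = ?');
    if ($stmt === false) {
        // Log server-side; never echo $db->error to the client, since verbose
        // SQL errors are exactly what error-based injection reads back.
        error_log('job_info: prepare failed: ' . $db->error);
        http_response_code(500);
        return null;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}
```

The bound parameter is the actual fix; the integer check in front of it is defence in depth and also gives a clean 400 for junk input. On PHP 8.1 and later mysqli reports errors as exceptions by default, so the prepare() failure branch would normally surface as a thrown mysqli_sql_exception; either way, keep display_errors off in production so that database error text is logged rather than returned in the response.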

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents.
Title | | Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
 | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T16:08:08.295Z

Reserved: 2026-03-25T18:43:09.826Z

Link: CVE-2026-34099

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T18:15:15Z

Weaknesses
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')