Impact
The Guardian language-system component contains an unauthenticated SQL injection flaw in job_info.php, where the id GET parameter is concatenated directly into a SQL query without sanitization. This permits an attacker to execute arbitrary SQL statements without credentials, enabling error-based extraction of database metadata such as version, current user, schema names, and table contents. The weakness aligns with CWE-89 and can lead to full database compromise.
Affected Systems
The vulnerability affects all releases of the Guardian language-system component. No specific affected versions are listed, so any deployment of this software that exposes job_info.php is potentially vulnerable. Administrators should assess whether the interface is publicly reachable.
Risk and Exploitability
The CVSS score of 9.3 indicates a high-impact vulnerability affecting availability, confidentiality, and integrity. No EPSS score is available, so the current exploitation probability is unknown, and the issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a web request to job_info.php with a crafted id parameter. If exploited, an attacker could read sensitive data from the database, potentially leading to data exfiltration or further exploitation of related services.
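As an added example (not part of the advisory or the vendor's code), the following triage script scans web server access logs for requests to job_info.php whose id parameter is not a single plain integer. It assumes Combined Log Format and that legitimate job ids are numeric; the function name, the sample log lines and the addresses in them are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
PLAIN_INT = re.compile(r"[0-9]{1,10}")  # assumption: legitimate job ids are numeric

def suspicious_job_info_requests(log_lines):
    """Return (client, decoded_id, reason) for job_info.php hits with an unexpected id."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/job_info.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen as-is
        ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
        if not ids:
            continue  # no id parameter on this request
        if len(ids) > 1:
            findings.append((client, " | ".join(ids), "id parameter repeated"))
        elif not PLAIN_INT.fullmatch(ids[0]):
            findings.append((client, ids[0], "id is not a plain integer"))
    return findings

# Constructed sample input (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /job_info.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /job_info.php?id=42%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /job_info.php?id=42&id=43 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2025:10:01:00 +0000] "GET /index.php?id=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value, reason in suspicious_job_info_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value!r}")
```

The same integer check, applied at a reverse proxy or WAF in front of job_info.php, can serve as a temporary filter while the query itself is moved to parameterized statements.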