Description
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian Language-System performs a direct concatenation of the id GET parameter into a SQL query in media.php without any input sanitization. This flaw allows an attacker who can supply a crafted id value to trigger an error‑based SQL injection that may reveal database contents, thereby compromising the confidentiality of the system’s data. The weakness is classed as a classic CWE‑89 "SQL Injection" vulnerability.

Affected Systems

The vulnerability affects the Guardian Language-System web application. No specific product version information is listed in the advisory, so all installations of this system need to be assessed for the presence of media.php and its id handling.

Risk and Exploitability

The CVSS v4.0 score of 9.3 (and the v3.1 score of 9.8) is rated Critical, not merely high. The SSVC assessment recorded in the History below marks exploitation as 'poc' and the flaw as automatable, and because the id parameter is concatenated straight into the query string, exploitation needs no special preconditions. The EPSS score is not available, and the vulnerability is not catalogued in CISA KEV. Exploitation would proceed over the web by requesting the media.php endpoint with a crafted id parameter and reading the database error messages the broken query produces. Note that the description text says an authenticated attacker, while the record title and both CVSS vectors (PR:N) describe the issue as unauthenticated; until the vendor clarifies, treat media.php as reachable without credentials.

Generated by OpenCVE AI on July 1, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑released patch or upgrade to a version where media.php sanitizes the id parameter or uses prepared statements.
  • Implement parameterized queries or stored procedures for all database interactions involving user‑supplied values, especially id parameters.
  • Restrict access to media.php to authenticated users only and enforce least‑privilege access controls. If a patch is not yet available, block or limit the endpoint via web‑server rules or a firewall to reduce exposure.
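The following is an added example, not code from the Guardian Language-System project or from OpenCVE. It models the pattern the advisory describes for the Risk and Exploitability analysis and the Recommended Actions above: the same lookup query written once with string concatenation, as media.php reportedly does, and once with a bound parameter, as the recommendations call for. The database is an in-memory SQLite stand-in with constructed sample rows using the column list quoted in the advisory; the real application's database engine, table contents, and exact error text are unknown and assumed here.

```python
import sqlite3

# Constructed sample rows modelled on the columns the advisory quotes:
# SELECT id, filename, extension, type, duration, owner, private FROM files
SAMPLE_ROWS = [
    (1, "intro", "mp3", "audio", 42, "alice", 0),
    (2, "lesson2", "mp4", "video", 300, "alice", 0),
    (3, "private-notes", "mp3", "audio", 120, "bob", 1),
]


def open_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the application's files table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE files (id INTEGER, filename TEXT, extension TEXT, "
        "type TEXT, duration INTEGER, owner TEXT, private INTEGER)"
    )
    conn.executemany("INSERT INTO files VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, user_id: str):
    """Mirrors the concatenation the advisory quotes from media.php:
    the raw id parameter is spliced into the SQL text, so a quote in
    user_id terminates the literal and the rest is parsed as SQL."""
    sql = (
        "SELECT id, filename, extension, type, duration, owner, private "
        "FROM files WHERE id = '" + user_id + "'"
    )
    return conn.execute(sql).fetchall()


def hardened_lookup(conn: sqlite3.Connection, user_id: str):
    """Same query with a bound parameter: the value travels separately
    from the statement, so quotes in user_id never reach the SQL parser."""
    sql = (
        "SELECT id, filename, extension, type, duration, owner, private "
        "FROM files WHERE id = ?"
    )
    return conn.execute(sql, (user_id,)).fetchall()


def probe(lookup, user_id: str) -> dict:
    """Run a lookup against a fresh database and report either the rows
    returned or the database error text. The error text is what an
    error-based injection attacker reads back from the page."""
    try:
        return {"rows": lookup(open_db(), user_id), "error": None}
    except sqlite3.Error as exc:
        return {"rows": None, "error": str(exc)}


if __name__ == "__main__":
    # A stray quote breaks the concatenated query; the error confirms injectability.
    print(probe(vulnerable_lookup, "1'"))
    # A crafted id rewrites the WHERE clause and returns another user's private file.
    print(probe(vulnerable_lookup, "' OR private=1 OR '"))
    # The bound-parameter version treats the same inputs as plain strings.
    print(probe(hardened_lookup, "1'"))
    print(probe(hardened_lookup, "' OR private=1 OR '"))
```

The probe with a single trailing quote is the first step of an error-based attack: the concatenated query fails to parse and the engine's error message comes back to the client. The second probe shows why the advisory rates integrity and confidentiality impact as high: the attacker controls the WHERE clause and can read rows they do not own. The hardened lookup returns no rows for either payload and raises no error, which is the behaviour a fix for media.php should produce.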

Generated by OpenCVE AI on July 1, 2026 at 23:05 UTC.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 17:30:00 +0000

Values added:
  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Values added:
  • Description: Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
  • Title: Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php
  • Weaknesses: CWE-89
  • References:
  • Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T16:48:41.539Z

Reserved: 2026-03-25T18:43:09.826Z

Link: CVE-2026-34100

Vulnrichment

Updated: 2026-07-01T16:48:37.996Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T23:15:04Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')