Description
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian language-system lets anyone who can reach text_file.php inject arbitrary SQL into the query that retrieves file metadata, because the id GET parameter is concatenated into the statement inside a quoted string literal. A crafted id value closes that literal and appends attacker-chosen SQL; with error-based injection the database's error messages, echoed back to the client, then reveal schema details and row contents, exposing whatever is stored in the files table and, through the same primitive, any other table the application's database account can read. This is CWE-89 (SQL injection); the CVSS vectors on this record rate confidentiality, integrity and availability impact as high.
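The mechanism described above, as an added example that is not part of the original record or of the Guardian language-system code: a Python script with an in-memory SQLite database standing in for the application's database (the real schema and engine are not published on this record, so the table, its rows and the probe values are constructed here). It reproduces the string concatenation quoted in the description, runs a few generic probe values through it beside a parameterised version of the same query, and shows that only the concatenated form errors out or returns rows it should not. SQLite's error messages do not carry data the way some engines' do, so the block demonstrates the injection primitive, the confirming syntax error and a UNION read of the schema catalogue rather than a full error-based dump.

```python
import sqlite3

# Column list taken from the query quoted in the CVE description.
COLUMNS = "id, filename, extension, type, duration, owner, private"


def make_db():
    """In-memory SQLite stand-in for the application's files table.

    The schema and rows are constructed for this example; the real
    Guardian language-system schema is not published on the record.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE files (id INTEGER, filename TEXT, extension TEXT, "
        "type TEXT, duration INTEGER, owner TEXT, private INTEGER)"
    )
    conn.executemany(
        "INSERT INTO files VALUES (?, ?, ?, ?, ?, ?, ?)",
        [
            (1, "intro", "txt", "text", 0, "alice", 0),
            (2, "secret-notes", "txt", "text", 0, "bob", 1),
        ],
    )
    return conn


def vulnerable_lookup(conn, raw_id):
    """Mirror of the concatenation reported at text_file.php line 17.

    The id value is spliced into the SQL string, so a quote in the input
    ends the string literal and whatever follows is executed as SQL.
    """
    sql = f"SELECT {COLUMNS} FROM files where id = '{raw_id}'"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # A database error surfaced to the client is the signal an
        # error-based attacker relies on; here it is returned as data.
        return {"rows": [], "error": str(exc)}


def safe_lookup(conn, raw_id):
    """Hardened form: id travels as a bound parameter, never as SQL text."""
    sql = f"SELECT {COLUMNS} FROM files WHERE id = ?"
    return {"rows": conn.execute(sql, (raw_id,)).fetchall(), "error": None}


# Probe values as a tester would send them in ?id= (constructed, generic).
PROBES = {
    "benign": "1",
    # Lone quote: breaks the literal and produces a syntax error, which
    # confirms the injection point.
    "quote": "1'",
    # Tautology: returns every row, private files included.
    "tautology": "' OR '1'='1",
    # UNION with seven columns to match the original SELECT: reads the
    # schema catalogue (sqlite_master here; information_schema on MySQL).
    "schema": "' UNION SELECT 1, name, sql, 4, 5, 6, 7 FROM sqlite_master --",
}


def run_probes():
    """Run every probe through both implementations.

    Returns {probe name: (vulnerable result, safe result)}.
    """
    conn = make_db()
    return {
        name: (vulnerable_lookup(conn, p), safe_lookup(conn, p))
        for name, p in PROBES.items()
    }


if __name__ == "__main__":
    for name, (vuln, safe) in run_probes().items():
        print(f"{name:10} vulnerable -> {vuln}")
        print(f"{'':10} safe       -> {safe}")
```

In the PHP component itself the equivalent of safe_lookup is a PDO or mysqli prepared statement with id bound as a parameter; casting the value with (int) before use is an acceptable stopgap only if id is genuinely numeric, which the quoted query does not establish.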

Affected Systems

The vulnerability exists in the Guardian language-system application, specifically the text_file.php component. No version information is disclosed. Any installation that uses this component is potentially affected.

Risk and Exploitability

The record carries a CVSS v4.0 base score of 9.3 (Critical) and a CVSS v3.1 score of 9.8. Both vectors state network attack vector, low attack complexity, no privileges required and no user interaction (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity and availability impact, so the scoring treats the whole database as reachable from this one endpoint. Note a discrepancy in the record itself: the description says "an authenticated attacker", while the title ("Unauthenticated SQL Injection") and the PR:N component of both vectors indicate that no credentials are needed; until the vendor clarifies, assume text_file.php is reachable without logging in. No EPSS score is available, so the probability of exploitation cannot be quantified, and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, but the SSVC assessment added to the record rates Exploitation as poc, Automatable as yes and Technical Impact as total. Anyone who can submit the id parameter can break out of the quoted literal and, where database errors are echoed to the client, read database contents through those error messages.

Generated by OpenCVE AI on July 1, 2026 at 18:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor fix once one is published; the correct code-level fix is to pass id to the database as a bound parameter of a prepared statement (or to cast it to the expected numeric type) instead of concatenating it into the SQL string.
  • Until a fix is available, restrict access to the text_file.php endpoint (authentication, network allowlisting) so that only authorized users can invoke it; the CVSS vectors on this record assume no privileges are required to reach it.
  • Run the application under a database account with least privilege: read access only to the tables it needs, no rights on configuration or credential tables, and no administrative or file-system privileges on the database server.
  • Monitor web-server and database logs for requests to text_file.php whose id contains quotes, comment sequences or SQL keywords, and for database errors raised by that script. Suppress detailed database error messages in HTTP responses; this removes the channel that error-based extraction depends on, though not the injection itself.
  • Consider a web application firewall rule that rejects id values which are not a plain numeric identifier (an allowlist, if id is expected to be numeric) rather than a blocklist of known payloads.
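One way to act on the monitoring and WAF items above, as an added example that is not part of the original record or of the Guardian language-system code: a Python scanner over web-server access logs that flags text_file.php requests whose id fails a numeric allowlist and counts repeat offenders per client address. The log lines, client addresses and payloads are constructed for the example, and the allowlist assumes id should be a plain integer (the record does not state the column type); adjust that pattern to the real schema before turning it into a blocking rule.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format; the hosts, timestamps and
# payloads are invented for this example, not taken from any real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2026:18:02:11 +0000] "GET /text_file.php?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jul/2026:18:02:14 +0000] "GET /text_file.php?id=42%27 HTTP/1.1" 500 233 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jul/2026:18:02:19 +0000] "GET /text_file.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jul/2026:18:03:01 +0000] "GET /text_file.php?id=abc HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.9 - - [01/Jul/2026:18:03:05 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 1024 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Tokens that never belong in a file id but do appear in injection payloads.
SUSPICIOUS = re.compile(
    r"""['"`]|--|/\*|\b(?:or|and|union|select|sleep|benchmark|extractvalue|updatexml)\b""",
    re.IGNORECASE,
)


def classify_id(value):
    """Return None for a plausible id, otherwise a short reason string.

    Assumes id is meant to be a positive integer (an assumption: the quoted
    query does not show the column type). Tighten or relax the allowlist to
    match the real schema before deploying this as a WAF rule.
    """
    if re.fullmatch(r"\d{1,10}", value):
        return None
    m = SUSPICIOUS.search(value)
    return f"suspicious token {m.group(0)!r}" if m else "non-numeric id"


def scan_log(text):
    """One finding per text_file.php request whose id fails the allowlist."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != "/text_file.php":
            continue
        # parse_qs percent-decodes, so %27 arrives here as a literal quote.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(raw)
            if reason:
                findings.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "status": int(m["status"]),
                    "id": raw,
                    "reason": reason,
                })
    return findings


def sources_to_block(findings, threshold=2):
    """Client addresses with at least `threshold` flagged requests."""
    counts = Counter(f["ip"] for f in findings)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("block candidates:", sources_to_block(hits))
```

The same allowlist expressed in the WAF is the precise version of the last recommendation: if id must match a short run of digits, every injection payload fails the check without maintaining a list of SQL keywords. The 500 status on the second sample line is the kind of database error the monitoring item refers to; correlating it with a flagged id from the same client is stronger evidence than either signal alone.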

Generated by OpenCVE AI on July 1, 2026 at 18:08 UTC.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

Type: Title
Values Removed: (none)
Values Added: Guardian Language-System Unauthenticated SQL Injection via id Parameter in text_file.php

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-89

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
              cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T17:59:31.201Z

Reserved: 2026-03-25T18:43:09.826Z

Link: CVE-2026-34101

Vulnrichment

Updated: 2026-07-01T17:52:15.335Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T18:15:15Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')