Description
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian language-system concatenates the value of the id GET parameter directly into a SQL query in job_info_get.php, with no sanitization and no prepared statement. This is a classic SQL injection (CWE-89): the attacker controls part of the query text and can inject arbitrary SQL. The advisory describes error-based extraction of database contents, which by itself is a full loss of confidentiality for everything the application's database user can read; both CVSS vectors also rate integrity and availability impact as high, since the same injection point can carry modifying or destructive statements wherever the DBMS and the database account permit them. The CVSS 4.0 score of 9.3 (9.8 under CVSS 3.1) reflects this.

Affected Systems

The vulnerable component is the Guardian language-system, specifically job_info_get.php. No version numbers are listed in the advisory, so all installations of this product are potentially affected until the issue is addressed.

Risk and Exploitability

The CVE description says the endpoint is reached with a valid authenticated session, so that any user account plus a crafted id value is enough to exploit the injection. The advisory title, however, calls the issue unauthenticated, and both CVSS vectors record PR:N (no privileges required); until the vendor clarifies, treat job_info_get.php as reachable without credentials. The CVE is not listed in the CISA KEV catalog and has no EPSS score, but the SSVC assessment in the history below records Exploitation as 'poc' and Automatable as 'yes', so a proof of concept exists and the injection is straightforward to script. The risk assessment therefore rests on the critical CVSS score, and the threat is significant for any deployment that exposes this endpoint externally or holds sensitive data.

Generated by OpenCVE AI on July 1, 2026 at 19:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a patch or update that sanitizes the id GET parameter or rewrites the SQL query using parameterized statements in job_info_get.php.
  • If a patch is not immediately available, enforce strict input validation to ensure the id consists only of numeric characters before it is used in the database query.
  • Restrict access to the job_info_get.php endpoint by requiring higher privilege authentication or by placing it behind an access control gateway to prevent exploitation by compromised user accounts.
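The following is an added example, not code from the Guardian language-system or from the advisory. It reproduces the concatenation pattern the description quotes, shows what a crafted id does to it (including the error message an error-based attacker reads back), and places beside it the fix the recommended actions call for: a bound parameter plus a digits-only allow-list. The table layout, the sample rows and the PDO SQLite in-memory database are constructed here so the script runs stand-alone; the assumption that id is numeric follows the advisory's interim mitigation and is not stated by the vendor.

```php
<?php
// Added example (not Guardian language-system code). Assumes a PDO connection
// and a jobs table with a column named input1, as quoted in the advisory.
// The SQLite in-memory database and sample rows are constructed for this demo.
declare(strict_types=1);

// Vulnerable pattern as quoted in the advisory: the raw GET value is spliced
// into the SQL text, so quote characters in $id become SQL syntax.
function vulnerableQuery(string $id): string
{
    return "SELECT * FROM jobs where input1 = '" . $id . "'";
}

// Hardened handler. The bound parameter is the actual fix: the value never
// enters the SQL grammar, so quotes in it are compared literally.
// The digits-only allow-list is the advisory's interim mitigation, kept here
// as a defence in depth (assumption: job ids are plain integers).
function fetchJob(PDO $db, string $id): array
{
    if (preg_match('/\A[0-9]+\z/', $id) !== 1) {
        return []; // reject anything that is not an unsigned integer literal
    }
    $stmt = $db->prepare('SELECT * FROM jobs WHERE input1 = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, input1 TEXT, title TEXT)');
$db->exec("INSERT INTO jobs (input1, title) VALUES ('1', 'translate manual'), ('2', 'proofread contract')");

// Honest request: one row either way.
printf("concatenated query for 1: %d row(s)\n",
    count($db->query(vulnerableQuery('1'))->fetchAll(PDO::FETCH_ASSOC)));
printf("prepared query for 1: %d row(s)\n", count(fetchJob($db, '1')));

// Tautology payload: the WHERE clause becomes  input1 = '1' OR '1'='1'
// and the concatenated query returns every job.
$payload = "1' OR '1'='1";
printf("concatenated query with payload: %d row(s)\n",
    count($db->query(vulnerableQuery($payload))->fetchAll(PDO::FETCH_ASSOC)));

// Same payload against the hardened handler: rejected by the allow-list, and
// even without the allow-list the bound value would match no row.
printf("prepared query with payload: %d row(s)\n", count(fetchJob($db, $payload)));

// Error-based leakage: an unbalanced quote makes the DBMS fail, and an
// application that echoes the exception hands the attacker the raw message,
// which is what the advisory's "error-based" extraction relies on.
try {
    $db->query(vulnerableQuery("1'"));
} catch (PDOException $e) {
    echo "error the vulnerable page would expose: " . $e->getMessage() . "\n";
}
```

The allow-list alone would not be an acceptable permanent fix if id can legitimately contain non-digits, which is why the prepared statement carries the security property and the regex only narrows the attack surface while a patch is pending.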


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 19:30:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Type         Values Removed   Values Added
Description  -                Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Title        -                Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info_get.php
Weaknesses   -                CWE-89
References   -
Metrics      -                cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
                              cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T17:50:46.719Z

Reserved: 2026-03-25T18:43:09.826Z

Link: CVE-2026-34102

Vulnrichment

Updated: 2026-07-01T17:50:42.920Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T19:45:04Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')