Impact
The Guardian language‑system contains an authenticated SQL injection flaw in subtitles.php where the id GET parameter is concatenated directly into an SQL query without sanitization. An attacker who authenticates to the application can inject SQL commands that return arbitrary data, allowing the extraction of confidential database contents and a breach of data confidentiality.
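The pattern described above, next to a hardened form, as an added example that is not the Guardian language-system source: the `subtitles` table, its columns and both function names are hypothetical, the data is constructed, and it assumes the `pdo_sqlite` extension so it runs offline.

```php
<?php
declare(strict_types=1);
// Added example: table, columns and function names are assumptions,
// not code from the affected project.

// Constructed sample data in an in-memory SQLite database.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE subtitles (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO subtitles (id, title) VALUES (1, 'Intro'), (2, 'Lesson one')");
    return $pdo;
}

// Vulnerable pattern: the raw request value becomes part of the SQL text,
// so the caller controls the structure of the WHERE clause.
function find_subtitle_vulnerable(PDO $pdo, string $id): array {
    $sql = 'SELECT id, title FROM subtitles WHERE id = ' . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a typed
// parameter so the value can never be parsed as SQL.
function find_subtitle_hardened(PDO $pdo, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, title FROM subtitles WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
// Constructed inputs: a valid id and a value that is not a plain integer.
foreach (['2', '2 OR 1=1'] as $input) {
    $rows = count(find_subtitle_vulnerable($pdo, $input));
    echo "concatenated id=" . var_export($input, true) . ": $rows row(s)\n";
    try {
        $rows = count(find_subtitle_hardened($pdo, $input));
        echo "bound        id=" . var_export($input, true) . ": $rows row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "bound        id=" . var_export($input, true) . ": rejected\n";
    }
}
```

A change in row count between the two functions for the same input is the signal that the concatenated query's structure depends on the request value.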
Affected Systems
Guardian language‑system is affected; all installations of this component are potentially vulnerable, since no specific versions are excluded.
Risk and Exploitability
With a CVSS score of 9.3, the vulnerability is rated critical. Exploitation requires authentication and is performed over the network by supplying a crafted id value. No EPSS score is available and the issue is not listed in CISA KEV, but the high severity makes it a priority target for attackers.