Description
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Guardian language-system contains an authenticated SQL injection flaw in subtitles.php where the id GET parameter is concatenated directly into an SQL query without sanitization. An attacker who authenticates to the application can inject SQL commands that return arbitrary data, allowing the extraction of confidential database contents and a breach of data confidentiality.

Affected Systems

Guardian language-system is affected; all installations of this component are potentially vulnerable, since no specific versions are excluded.

Risk and Exploitability

With a CVSS score of 9.3 the vulnerability is categorized as critical. The exploit requires authentication and can be performed over the network by supplying a crafted id value. No EPSS score is available and the issue is not listed in CISA KEV, but the high severity makes it a priority target for attackers.

Generated by OpenCVE AI on July 2, 2026 at 15:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Patch the application to use parameterized queries for the 'id' parameter in subtitles.php (apply vendor fix when released).
  • Restrict unauthenticated access to subtitles.php by enforcing authentication or firewall rules.
  • Validate and sanitize the 'id' GET parameter before including it in any database query.
  • Ensure the database user employed by the application has only the minimum privileges required and is not accessible from the public network.

Generated by OpenCVE AI on July 2, 2026 at 15:49 UTC.
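The concatenated query the advisory describes, beside a parameterized replacement for the same lookup, as an added example that is not the Guardian language-system's own code; an integer `id` column and an already-open PDO handle `$pdo` are assumptions.

```php
<?php
// Added example, not code from the Guardian language-system. It contrasts the
// string-concatenated query described for subtitles.php with a parameterized one.
// Assumptions (not stated in the advisory): the `id` column is an integer and a
// PDO connection `$pdo` already exists.

// Vulnerable pattern as described in the advisory: the raw GET value is spliced
// into the SQL text, so a quote character in `id` changes the query itself.
function lookupFileVulnerable(PDO $pdo, array $get): ?array
{
    $sql = "SELECT id, filename, extension, type FROM files where id = '" . $get['id'] . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened version: the value is sent as a bound parameter, so the database never
// parses it as SQL, and an explicit integer check rejects anything else before a
// query is issued at all.
function lookupFileSafe(PDO $pdo, array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // malformed id: refuse, do not query
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, filename, extension, type FROM files WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

Error-based extraction depends on database error text reaching the HTTP response, so alongside the parameterized query keep display_errors off in production and log PDO exceptions instead of echoing them.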

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

Type: Title
Values Removed: (none)
Values Added: Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-89

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1
{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0
{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T17:35:15.663Z

Reserved: 2026-03-25T18:43:09.826Z

Link: CVE-2026-34103

Vulnrichment

Updated: 2026-07-01T17:35:11.398Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T16:00:12Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')