Description
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian language-system constructs a SQL query that directly interpolates the user supplied name GET parameter, resulting in SELECT * FROM complex WHERE name=' . $_GET['name'] . '. This flaw permits a classic SQL injection attack. According to the description, an authenticated attacker can perform error‑based SQL injection to extract database contents. The vulnerability is classified as CWE‑89, a classic injection weakness.

Affected Systems

The affected product is Guardian language-system, specifically the designer.php script. No explicit affected version list is provided; the flaw exists wherever the unsanitized query remains. Even without a version table, the vulnerability applies to all instances of the vulnerable script.

Risk and Exploitability

The CVSS score of 9.3 reflects a severe risk. Exploitation would allow an authenticated attacker to perform error‑based SQL injection, enabling extraction of arbitrary database content and potentially compromising confidentiality and integrity. The EPSS score is not listed, but because the injection requires authentication, the exploit’s success probability depends on whether attackers can authenticate to the system. If authentication barriers are weak or default credentials remain, an attacker could exploit the designer.php endpoint remotely.

Generated by OpenCVE AI on July 2, 2026 at 15:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a version of Guardian language-system that sanitizes the name parameter before including it in SQL statements.
  • If a patch is unavailable, prohibit unauthorized access to designer.php, or redirect the endpoint to a fortified implementation that uses prepared statements or stored procedures.
  • In the meantime, modify the source code to escape the name input using a safe quoting method or, preferably, rewrite the query to use parameterized statements so that user input cannot be interpreted as SQL code.

Generated by OpenCVE AI on July 2, 2026 at 15:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Description Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Title Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T18:12:54.866Z

Reserved: 2026-03-25T18:43:09.826Z

Link: CVE-2026-34104

cve-icon Vulnrichment

Updated: 2026-07-01T18:12:50.759Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T16:00:12Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')