Impact
Guardian language‑system accepts an unvalidated GET parameter 'id' and directly concatenates it into a SQL SELECT statement in translate_text.php. An attacker can craft a malicious id value that triggers error‑based SQL injection, allowing extraction of database contents and compromising the confidentiality of stored data. The flaw aligns with CWE‑89, representing an injection weakness that can be exploited by an authenticated attacker.
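The concatenation pattern described above, shown beside a hardened form. This is an added example, not Guardian language-system's own code: the table and column names, the fetch_translation helper and the in-memory SQLite database are assumptions chosen so the script runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);
// Added illustration. Schema (translations.id, translations.body) and the
// helper name are hypothetical; the advisory does not publish the real query.

function fetch_translation(PDO $pdo, mixed $rawId): ?string
{
    // Vulnerable pattern from the advisory, kept as a comment for contrast:
    //   $pdo->query("SELECT body FROM translations WHERE id = " . $_GET['id']);

    // 1. Validate: the id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    // 2. Bind: the value is sent separately from the SQL text.
    $stmt = $pdo->prepare('SELECT body FROM translations WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// Constructed sample data in an in-memory database.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$pdo->exec('CREATE TABLE translations (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO translations (id, body) VALUES (1, 'Hello'), (2, 'Goodbye')");

// Constructed inputs: two valid ids, one unknown id, two malformed values.
foreach (['1', '2', '99', 'abc', "1'"] as $input) {
    try {
        $body = fetch_translation($pdo, $input);
        $status = $body === null ? '404 Not Found' : '200 ' . $body;
    } catch (InvalidArgumentException $e) {
        $status = '400 Bad Request';
    } catch (PDOException $e) {
        // 3. Error-based injection depends on database error text reaching
        //    the response: log it server-side, return a generic status.
        error_log('translate_text query failed: ' . $e->getMessage());
        $status = '500 Internal Server Error';
    }
    echo json_encode($input), ' => ', $status, PHP_EOL;
}
```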
Affected Systems
The advisory affects Guardian language‑system, a web‑based translation component. No specific product version is listed; the vulnerability exists in any deployment that includes the translate_text.php file handling id parameters as described.
Risk and Exploitability
The CVSS score of 9.3 indicates a critical severity. Because EPSS is not provided, the current exploitation probability is unknown, but the lack of a KEV listing suggests no confirmed public exploits yet. The attack likely occurs over the network via HTTP requests to translate_text.php, requiring authentication. The vulnerability's remote nature and high impact make it a top priority for remediation.