Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in text.php (line 15) without sanitization: exec("php jobs/text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Guardian language-system module contains an unchecked use of the id GET parameter in a PHP exec() call. Because the value is concatenated directly into a shell command without validation, an attacker can craft the parameter with shell metacharacters to run arbitrary commands on the server. If exploited, the attacker gains full remote code execution capability, bypassing authentication and compromising confidentiality, integrity, and availability of the system.

Affected Systems

The vulnerability affects the Guardian Language‑System component. All installations that expose the vulnerable text.php endpoint are susceptible; product and version details are not specified in the data, so administrators should verify whether their deployment includes this module and whether the id parameter is exposed.

Risk and Exploitability

The CVSS score of 9.3 indicates a critical level of severity, and the absence of a KEV listing does not reduce the risk, as the flaw permits unauthenticated remote code execution. Because the attack can be performed over the web without authentication, the potential for exploitation is high. No additional exploit prerequisites are stated, so any client able to send a crafted HTTP GET request may trigger the vulnerability.

Generated by OpenCVE AI on July 1, 2026 at 23:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade the Guardian Language‑System to a version that properly sanitizes or removes the id parameter from the exec() call.
  • If a patch is unavailable, restrict or disable access to the text.php service or enforce authentication before allowing requests to it.
  • Deploy a WAF rule or similar input filtering that rejects shell metacharacters in the id query value to mitigate the risk until a patch is applied.

Generated by OpenCVE AI on July 1, 2026 at 23:00 UTC.
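
As an added illustration of the first recommended action (this is not code from the Guardian language-system project or from OpenCVE), the sketch below shows one way to take the id value out of shell parsing entirely. It assumes id is a numeric identifier and that $login_session is set by the application's own session check; the function names are hypothetical and the elided trailing arguments ("...") are omitted.

```php
<?php
// Added example; assumptions: id is numeric, $login_session comes from the
// application's session check, helper names are hypothetical.

// Pattern described in the advisory (vulnerable, shown for contrast only):
//   exec("php jobs/text.php ".$login_session." ".$_GET['id']." ...");

/** Accept only 1-10 ASCII digits. \A and \z reject a trailing newline, which $ would allow. */
function parse_job_id($raw): ?string
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,10}\z/', $raw)) {
        return null; // arrays (?id[]=x), empty values and metacharacters all end here
    }
    return $raw;
}

/** Build an argument vector; each element reaches the child process as one argv entry. */
function build_job_argv(string $session, string $id): array
{
    return [PHP_BINARY, 'jobs/text.php', $session, $id];
}

/** Run the job with the array form of proc_open (PHP >= 7.4), which starts no shell. */
function run_job(array $argv): int
{
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return -1;
    }
    stream_get_contents($pipes[1]); // drain stdout so the child cannot block on a full pipe
    fclose($pipes[1]);
    return proc_close($proc);
}

if (PHP_SAPI !== 'cli') {
    // Refuse unauthenticated requests before touching any parameter.
    if (empty($login_session)) { http_response_code(401); exit; }
    $id = parse_job_id($_GET['id'] ?? null);
    if ($id === null) { http_response_code(400); exit; }
    run_job(build_job_argv($login_session, $id));
}
```

Where the array form of proc_open is not available, wrapping each value in escapeshellarg() after the same allow-list check is the fallback; the allow-list alone is also what a WAF rule for the id query value should mirror.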

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description Guardian language-system passes the id GET parameter directly into a PHP exec() call in text.php (line 15) without sanitization: exec("php jobs/text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Title Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text.php
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T16:17:37.107Z

Reserved: 2026-03-25T18:43:09.827Z

Link: CVE-2026-34108

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T23:15:04Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')