Impact
Guardian Language‑System’s complex_start.php concatenates the id GET parameter directly into a PHP exec() call without filtering or sanitization. This permits an unauthenticated attacker to inject shell metacharacters in the id value, causing the server to execute arbitrary operating‑system commands. The lack of an authentication requirement removes any user‑level barrier, allowing remote execution from any client that can reach the HTTP endpoint. Exploitation can lead to full system compromise, data loss, or further lateral movement once the attacker gains command execution.
Affected Systems
The vulnerability affects Guardian Language‑System wherever complex_start.php is present. No specific version numbers were supplied in the advisory, so any deployment that has not applied a patch or other mitigation that sanitizes the id parameter is potentially vulnerable.
Risk and Exploitability
The CVSS score of 9.3 reflects critical severity and the obvious zero‑authentication barrier. EPSS data is not available, and the issue is not listed in the CISA KEV catalog. The simplest exploitation path involves sending a crafted HTTP GET request to /complex_start.php with a malicious id string, which the web process processes through exec, achieving unprivileged command execution.
OpenCVE Enrichment