Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac_text.php (line 18) without sanitization: exec("php jobs/speech_audio_mac_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian language-system contains an OS command injection flaw where the id GET parameter is passed directly to a PHP exec() call. An attacker can inject shell metacharacters to run arbitrary operating‑system commands without any authentication. This vulnerability is a high‑severity CWE‑78 issue that can compromise confidentiality, integrity, and availability of the affected server.

Affected Systems

The flaw affects the Guardian language-system product. No specific affected versions were listed; any deployment of the language‑system that includes speechmac_text.php is potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.3 reflects a critical risk level. The EPSS score is currently unavailable, but the lack of authentication requirement and the ability to run arbitrary commands make exploitation likely in a realistic threat scenario. The vulnerability is not yet listed in CISA’s KEV catalog, yet its impact warrants immediate attention.

Generated by OpenCVE AI on July 2, 2026 at 13:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch that sanitizes the id parameter or removes the vulnerable exec() usage.
  • If no patch exists, restrict access to speechmac_text.php to authenticated users or implement IP‑based access controls to prevent unauthenticated exploitation.
  • As an interim measure, disable the PHP exec() function in the web application’s configuration or enforce php.ini restrictions, limiting the ability to execute arbitrary commands.

Generated by OpenCVE AI on July 2, 2026 at 13:19 UTC.
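
The first recommended action (sanitizing the id parameter), shown as an added PHP example that is not the vendor's code or a patch from this page. It assumes id is a positive integer; the helper names validated_id and build_job_command are hypothetical, and the arguments the description elides as "..." are left out.

```php
<?php
// Added example, not the vendor's code. The arguments the description elides
// as "..." are unknown and are left out here.
//
// Vulnerable pattern quoted in the description, for comparison:
//   exec("php jobs/speech_audio_mac_text.php ".$login_session." ".$_GET['id']." ...");

// Assumption: id is a positive decimal integer. Anything else is rejected,
// including arrays, which PHP produces for a query string such as id[]=1.
function validated_id($raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,17}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Hypothetical helper: every value is quoted as a single shell word, so shell
// metacharacters inside a value are not interpreted by the shell.
function build_job_command(string $loginSession, string $id): string
{
    return 'php jobs/speech_audio_mac_text.php '
        . escapeshellarg($loginSession) . ' '
        . escapeshellarg($id);
}

// Constructed sample inputs standing in for $_GET['id'].
$samples = ['42', '42; echo injected', '$(echo injected)', '', ['42']];
$loginSession = 'demo-session'; // constructed value

foreach ($samples as $raw) {
    $id = validated_id($raw);
    $shown = json_encode($raw);
    if ($id === null) {
        // In the real handler: respond 400 and never reach exec().
        echo "reject  $shown\n";
        continue;
    }
    // The command is printed rather than executed so the example runs offline.
    echo "accept  $shown -> " . build_job_command($loginSession, $id) . "\n";
}
```

Validation and quoting are layered on purpose: the allow-list rejects anything that is not an integer, and escapeshellarg() still protects the command line if the allow-list is later widened.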

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac_text.php (line 18) without sanitization: exec("php jobs/speech_audio_mac_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Title Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac_text.php
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T18:07:09.217Z

Reserved: 2026-03-25T18:43:09.827Z

Link: CVE-2026-34111

Vulnrichment

Updated: 2026-07-01T18:07:04.187Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T13:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')