Impact
Guardian language‑system allows an attacker to insert shell metacharacters into the id GET parameter of speechmac.php. The value is concatenated directly into a PHP exec() call, permitting arbitrary OS commands to be executed on the host. Because the endpoint is publicly reachable and requires no authentication, any remote user can trigger this insertion and gain full control of the system, exposing all data and potentially enabling further lateral movement.
Affected Systems
The vulnerable component is Guardian language‑system. No specific affected versions are listed in the CNA data, so all current releases of this product may be at risk.
Risk and Exploitability
The CVSS score of 9.3 indicates critical severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a simple unauthenticated HTTP request to speechmac.php, making exploitation straightforward for anyone who can reach the exposed endpoint.
OpenCVE Enrichment