Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech_text.php (line 18) without sanitization: exec("php jobs/speech_audio_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian language-system contains an unsanitized use of the GET parameter "id" inside a PHP exec() call. An attacker can embed shell metacharacters in this parameter, causing arbitrary operating‑system commands to be executed by the web server. This flaw permits full compromise of the host, with the attacker able to read, modify or delete any file, install malware or pivot to other services.

Affected Systems

The vulnerable component is the Guardian language-system. Any installation of this product that has not applied a newer, fixed version may be affected. No specific version information is provided in the advisory.

Risk and Exploitability

The CVSS score of 9.3 indicates a critical severity. The attack can be performed remotely without authentication by manipulating the "id" parameter in a standard HTTP GET request. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Given the lack of authentication checks and the full privilege of the exec() call, the risk of exploitation is high.

Generated by OpenCVE AI on July 2, 2026 at 13:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a version that contains the fix for the exec() handling.
  • If a patch is not yet available, enforce strict input validation on the "id" parameter, allowing only expected numeric or alphanumeric values and rejecting any characters that could be interpreted by the shell.
  • Disable or restrict PHP's exec() function for the web application context, or replace the call with a safer implementation that does not execute shell commands.
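The following PHP is an added illustration of the second and third recommendations, not Guardian's own code: it places the unsafe pattern the advisory describes next to a hardened replacement. Only $login_session, $_GET['id'] and jobs/speech_audio_text.php are taken from the advisory; the numeric id format, the function names and the use of proc_open() are assumptions for the example.

```php
<?php
// Added example (not from the Guardian project). Identifiers taken from the
// advisory: $login_session, $_GET['id'], jobs/speech_audio_text.php.
// Everything else here is assumed for illustration.

// Vulnerable shape (CWE-78): the raw id is concatenated into a shell string,
// so anything the shell treats as a metacharacter is interpreted.
function run_job_unsafe(string $login_session): string
{
    exec("php jobs/speech_audio_text.php " . $login_session . " " . $_GET['id'], $out);
    return implode("\n", $out);
}

// Hardened step 1: accept only the format the application actually expects.
// Assumption: ids are short decimal numbers; tighten or adjust to the real schema.
function validate_id(string $id): ?string
{
    return preg_match('/^[0-9]{1,10}$/', $id) === 1 ? $id : null;
}

// Hardened step 2: run the job without a shell. proc_open() with an array
// command (PHP >= 7.4) executes the program directly, so no argument is ever
// parsed by /bin/sh. A session/authentication check belongs before this call;
// the advisory notes the endpoint currently has none.
function run_job_safe(string $login_session, string $raw_id): string
{
    $id = validate_id($raw_id);
    if ($id === null) {
        http_response_code(400);
        return 'invalid id';
    }

    $proc = proc_open(
        [PHP_BINARY, 'jobs/speech_audio_text.php', $login_session, $id],
        [1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
        $pipes
    );
    if (!is_resource($proc)) {
        return 'failed to start job';
    }
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return $stdout;
}

// Fallback if a shell string must be kept (older PHP): quote every argument.
// exec('php jobs/speech_audio_text.php ' . escapeshellarg($login_session)
//      . ' ' . escapeshellarg($id), $out);
```

Validation and shell-free execution are complementary: the allow-list rejects unexpected input early and gives a clean 400, while the array form of proc_open() removes the shell from the path entirely, so even a validation mistake cannot turn into command execution. escapeshellarg() is the weaker option and should be reserved for code that cannot move off exec().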


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 19:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 17:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech_text.php (line 18) without sanitization: exec("php jobs/speech_audio_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

Type: Title
Values Removed: (none)
Values Added: Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech_text.php

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-78

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}



MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T18:14:54.906Z

Reserved: 2026-03-25T18:43:09.827Z

Link: CVE-2026-34113

Vulnrichment

Updated: 2026-07-01T18:14:50.407Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T13:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')