Impact
Guardian language-system passes the GET parameter "id" unsanitized into a PHP exec() call. An attacker can embed shell metacharacters in this parameter, causing arbitrary operating-system commands to be executed by the web server. This flaw permits full compromise of the host: the attacker can read, modify or delete any file, install malware or pivot to other services.
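The pattern described above next to a hardened form, as an added example; this is not Guardian's code, which the advisory does not show. The `echo` stand-in for the executed program, the function names and the rule that a valid id is a positive integer are all assumptions.

```php
<?php
declare(strict_types=1);

// Stand-in for whatever program the application runs; the advisory does not name it.
const HELPER = 'echo';

// Pattern the advisory describes: the raw "id" value is concatenated into the
// string exec() passes to the shell, so the shell parses any metacharacters in it.
// Returned as a string here for inspection; it is never executed.
function command_unsanitized(string $rawId): string
{
    return HELPER . ' lang-id=' . $rawId;
}

// Hardened form. Assumption: a legitimate id is a positive decimal integer.
// Anything else is rejected before a command line exists at all.
function run_validated(?string $rawId): ?array
{
    if ($rawId === null || preg_match('/\A[1-9][0-9]{0,8}\z/', $rawId) !== 1) {
        return null; // caller answers HTTP 400 and never reaches exec()
    }
    // Defence in depth: quote the value even though it is already digits only.
    $cmd = HELPER . ' lang-id=' . escapeshellarg($rawId);
    exec($cmd, $output, $status);
    return ['status' => $status, 'output' => $output];
}

// Constructed sample values for $_GET['id'] (not taken from the advisory).
$samples = ['42', '42; echo INJECTED', '42 && echo INJECTED', '', '007'];

foreach ($samples as $id) {
    printf("id=%s\n", var_export($id, true));
    printf("  unsanitized command line: %s\n", command_unsanitized($id));
    $result = run_validated($id);
    if ($result === null) {
        echo "  hardened: rejected, exec() not called\n";
    } else {
        printf("  hardened: exit %d, output %s\n",
            $result['status'], json_encode($result['output']));
    }
}
```

Where the application's ids are not numeric, the same structure applies with an allowlist pattern that matches its real id format; escapeshellarg() alone is the fallback, not the primary control.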
Affected Systems
The vulnerable component is the Guardian language-system. Any installation of this product that has not applied a newer, fixed version may be affected. No specific version information is provided in the advisory.
Risk and Exploitability
The CVSS score of 9.3 indicates a critical severity. The attack can be performed remotely without authentication by manipulating the "id" parameter in a standard HTTP GET request. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Given the lack of authentication checks and the full privilege of the exec() call, the risk of exploitation is high.