Impact
Guardian Language‑System contains a transcribe_amazon.php script that concatenates the id GET parameter directly into a PHP exec() call without any input validation or sanitization. Because the code paths required to reach this call are not protected by authentication, an attacker can supply shell metacharacters in the id value and cause the underlying operating system to execute arbitrary commands. The weakness exemplifies CWE‑78, where unsanitized data is passed to an OS command, resulting in remote code execution and full compromise of the web server process. The impact is the ability to run any command as the web‑server user, giving the attacker potential to install malware, exfiltrate data, or pivot to other internal hosts.
Affected Systems
All deployments of Guardian Language‑System that expose the transcribe_amazon.php module to the public internet are potentially vulnerable. The advisory does not list specific product versions, so any instance where the script is present and reachable remains at risk until a vendor patch is applied.
Risk and Exploitability
An unauthenticated attacker can exploit the flaw by sending a crafted HTTP request that includes shell metacharacters in the id parameter. Because the script requires no authentication and performs no input validation, the attack needs no privileges and is trivial to carry out; the injected payload is executed directly by the OS. The CVSS score of 9.3 reflects the high impact and ease of attack. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly documented exploitation yet, but the risk remains high because the flaw gives uncontrolled OS command execution.
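For defenders reviewing exposure, the following added example (not taken from the advisory or from the vendor) scans web-server access logs for requests to transcribe_amazon.php whose decoded id value contains shell metacharacters. It assumes combined log format; the metacharacter set, the request path and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

SCRIPT = "transcribe_amazon.php"  # script and parameter names come from the advisory
# Characters a shell interprets; this set is an assumption, tune it for your logs.
SHELL_META = set(";|&$`()<>{}*?!~\\'\" \t\r\n")
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_id(target):
    """Return the decoded id value if it holds shell metacharacters, else None."""
    path, _, query = target.partition("?")
    if not unquote(path).lower().endswith("/" + SCRIPT):
        return None
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode once, as PHP does when filling $_GET
        if unquote_plus(name) == "id" and SHELL_META & set(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_id) for each request worth investigating."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match is None:
            continue
        value = suspicious_id(match.group("target"))
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /transcribe_amazon.php?id=1042 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] '
    '"GET /transcribe_amazon.php?id=1042%3Bid HTTP/1.1" 200 87',
    '203.0.113.4 - - [01/Jan/2025:10:00:09 +0000] '
    '"GET /transcribe_amazon.php?lang=en&id=7%7Cuname HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] '
    '"GET /index.php?id=a%3Bb HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent id={value!r} to {SCRIPT}")
```

A hit shows an injection attempt, not a successful execution; correlate it with process telemetry for child processes spawned by the web-server user.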