Skip to main content

Language System

12 CVEs product

Monthly

CVE-2026-34107 CRITICAL POC Act Now

OS command injection in Guardian language-system lets unauthenticated remote attackers run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter of translate.php, which is concatenated directly into a PHP exec() call. Publicly available exploit code exists (published as a gist via VulnCheck), and the CVSS 4.0 base score of 9.3 reflects full compromise of confidentiality, integrity, and availability with no authentication or user interaction. There is no public exploit identified as actively exploited in CISA KEV, so the current risk is driven by ease of exploitation and public PoC rather than confirmed in-the-wild abuse.

Command Injection PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-34106 CRITICAL POC Act Now

Remote code execution in Guardian language-system allows unauthenticated attackers to run arbitrary OS commands by injecting shell metacharacters into the 'id' GET parameter of subtitles.php, which is concatenated directly into a PHP exec() call invoking jobs/subtitle_rendering.php. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation, and publicly available exploit code exists (published via VulnCheck), though there is no public exploit identified as being actively used in the wild at time of analysis.

Command Injection PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-34105 CRITICAL POC Act Now

SQL injection in the Guardian language-system (translate_text.php) lets remote attackers extract arbitrary database contents by injecting into the unsanitized 'id' GET parameter. The CVSS 4.0 vector scores this 9.3 (Critical) with PR:N, and the VulnCheck advisory title labels it unauthenticated, though the CVE description states an authenticated attacker is required - this discrepancy should be verified. Publicly available exploit code exists, but there is no public exploit identified as being actively used in attacks (not in CISA KEV).

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34104 CRITICAL POC Act Now

SQL injection in Guardian Language-System's designer.php exposes the entire backend database to attackers who supply a crafted 'name' GET parameter, which is concatenated directly into a SELECT query without sanitization (CWE-89). VulnCheck reports this as remotely reachable and publicly available exploit code exists, though no public exploit is confirmed as actively used in the wild (not in CISA KEV). Note a source conflict: the CVE description labels the attacker 'authenticated' while the VulnCheck advisory and CVSS 4.0 vector (PR:N) describe it as unauthenticated.

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34103 CRITICAL POC Act Now

SQL injection in Guardian Language-System's subtitles.php lets attackers extract arbitrary database contents by tampering with the id GET parameter, which is concatenated directly into a SELECT query without sanitization. The flaw is error-based and rated critical (CVSS 4.0 base 9.3, VC:H/VI:H/VA:H), publicly available exploit code exists (VulnCheck advisory plus a public gist PoC), and there is no public exploit identified as being used in active attacks. Note a source conflict: the CVE description labels the attacker 'authenticated,' but the CVSS vector (PR:N) and VulnCheck's advisory title both describe it as unauthenticated.

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34102 CRITICAL POC Act Now

SQL injection in Guardian language-system via the 'id' GET parameter in job_info_get.php lets attackers inject arbitrary SQL into a query against the 'jobs' table, enabling error-based extraction of database contents. The CVSS 4.0 vector (AV:N/PR:N) and VulnCheck advisory title indicate unauthenticated network exploitation, though the CVE description text describes an 'authenticated attacker' - a discrepancy defenders should verify. Publicly available exploit code exists (VulnCheck/gist PoC), raising the practical risk despite no confirmed active exploitation.

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34101 CRITICAL POC Act Now

SQL injection in Guardian language-system's text_file.php lets remote attackers extract arbitrary database contents by injecting into the unsanitized 'id' GET parameter. The flaw is a classic error-based SQLi (CWE-89) where user input is concatenated directly into a SELECT statement, and publicly available exploit code exists (reported by VulnCheck). No CISA KEV listing exists, so this represents publicly available exploit code rather than confirmed active exploitation.

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34100 CRITICAL POC Act Now

Error-based SQL injection in Guardian Language System's media.php allows attackers to extract arbitrary database contents by injecting into the unsanitized 'id' GET parameter (CWE-89). Publicly available exploit code exists (published via a GitHub gist by VulnCheck), and the CVSS 4.0 vector (AV:N/AC:L/PR:N) plus the VulnCheck advisory title indicate unauthenticated network exploitation, though the CVE description conversely refers to an 'authenticated attacker' - a discrepancy defenders should verify. No public evidence of active in-the-wild exploitation (not listed in CISA KEV).

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34099 CRITICAL POC Act Now

Unauthenticated SQL injection in Guardian Language System lets remote attackers manipulate the backend database by injecting into the `id` GET parameter of job_info.php, which is concatenated directly into a SQL query with no sanitization. Because no authentication is required (CVSS 4.0 PR:N) and publicly available exploit code exists, any attacker who can reach the endpoint can extract database version, current user, schema names, and table contents via error-based injection. Reported by VulnCheck with a CVSS of 9.3; no public exploit identified as actively used in the wild (not in CISA KEV).

SQLi PHP Language System
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-34098 MEDIUM POC This Month

Reflected cross-site scripting in Guardian Language-System's media.php allows authenticated attackers to inject arbitrary JavaScript into the victim's browser session by crafting a malicious URL with a script payload in the id GET parameter. The flaw exists because the id parameter is written unsanitized directly into HTML source and form action attributes at lines 119 and 129 of media.php. A publicly available proof-of-concept exploit exists on GitHub, though no KEV listing indicates broad active exploitation at time of analysis.

XSS PHP Language System
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-34097 MEDIUM POC This Month

Reflected XSS in Guardian Language-System's text_file.php allows an authenticated attacker to inject arbitrary script tags into at least six distinct form action attributes (lines 94, 101, 323, 403, 826, 852) by crafting a malicious URL with a payload in the id GET parameter. When a second authenticated victim is socially engineered into following the crafted link, the script executes within their browser session against the Guardian Language-System origin, enabling session token theft or unauthorized actions on the victim's behalf. A publicly available proof-of-concept exploit exists on GitHub; no CISA KEV listing has been identified, meaning active exploitation is not confirmed at time of analysis.

XSS PHP Language System
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-34096 MEDIUM POC This Month

Reflected XSS in Guardian language-system's designer.php allows authenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session by crafting a malicious URL. The `name` GET parameter is echoed unsanitized directly into an HTML input value attribute at line 57, enabling classic reflected cross-site scripting. A publicly available proof-of-concept exploit exists on GitHub (via VulnCheck advisory); the vulnerability is not currently listed in CISA KEV, and real-world impact is constrained by the requirement for victim interaction and authentication.

XSS PHP Language System
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

OS command injection in Guardian language-system lets unauthenticated remote attackers run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter of translate.php, which is concatenated directly into a PHP exec() call. Publicly available exploit code exists (published as a gist via VulnCheck), and the CVSS 4.0 base score of 9.3 reflects full compromise of confidentiality, integrity, and availability with no authentication or user interaction. There is no public exploit identified as actively exploited in CISA KEV, so the current risk is driven by ease of exploitation and public PoC rather than confirmed in-the-wild abuse.

Command Injection PHP Language System
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Remote code execution in Guardian language-system allows unauthenticated attackers to run arbitrary OS commands by injecting shell metacharacters into the 'id' GET parameter of subtitles.php, which is concatenated directly into a PHP exec() call invoking jobs/subtitle_rendering.php. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation, and publicly available exploit code exists (published via VulnCheck), though there is no public exploit identified as being actively used in the wild at time of analysis.

Command Injection PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

SQL injection in the Guardian language-system (translate_text.php) lets remote attackers extract arbitrary database contents by injecting into the unsanitized 'id' GET parameter. The CVSS 4.0 vector scores this 9.3 (Critical) with PR:N, and the VulnCheck advisory title labels it unauthenticated, though the CVE description states an authenticated attacker is required - this discrepancy should be verified. Publicly available exploit code exists, but there is no public exploit identified as being actively used in attacks (not in CISA KEV).

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

SQL injection in Guardian Language-System's designer.php exposes the entire backend database to attackers who supply a crafted 'name' GET parameter, which is concatenated directly into a SELECT query without sanitization (CWE-89). VulnCheck reports this as remotely reachable and publicly available exploit code exists, though no public exploit is confirmed as actively used in the wild (not in CISA KEV). Note a source conflict: the CVE description labels the attacker 'authenticated' while the VulnCheck advisory and CVSS 4.0 vector (PR:N) describe it as unauthenticated.

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

SQL injection in Guardian Language-System's subtitles.php lets attackers extract arbitrary database contents by tampering with the id GET parameter, which is concatenated directly into a SELECT query without sanitization. The flaw is error-based and rated critical (CVSS 4.0 base 9.3, VC:H/VI:H/VA:H), publicly available exploit code exists (VulnCheck advisory plus a public gist PoC), and there is no public exploit identified as being used in active attacks. Note a source conflict: the CVE description labels the attacker 'authenticated,' but the CVSS vector (PR:N) and VulnCheck's advisory title both describe it as unauthenticated.

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

SQL injection in Guardian language-system via the 'id' GET parameter in job_info_get.php lets attackers inject arbitrary SQL into a query against the 'jobs' table, enabling error-based extraction of database contents. The CVSS 4.0 vector (AV:N/PR:N) and VulnCheck advisory title indicate unauthenticated network exploitation, though the CVE description text describes an 'authenticated attacker' - a discrepancy defenders should verify. Publicly available exploit code exists (VulnCheck/gist PoC), raising the practical risk despite no confirmed active exploitation.

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

SQL injection in Guardian language-system's text_file.php lets remote attackers extract arbitrary database contents by injecting into the unsanitized 'id' GET parameter. The flaw is a classic error-based SQLi (CWE-89) where user input is concatenated directly into a SELECT statement, and publicly available exploit code exists (reported by VulnCheck). No CISA KEV listing exists, so this represents publicly available exploit code rather than confirmed active exploitation.

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Error-based SQL injection in Guardian Language System's media.php allows attackers to extract arbitrary database contents by injecting into the unsanitized 'id' GET parameter (CWE-89). Publicly available exploit code exists (published via a GitHub gist by VulnCheck), and the CVSS 4.0 vector (AV:N/AC:L/PR:N) plus the VulnCheck advisory title indicate unauthenticated network exploitation, though the CVE description conversely refers to an 'authenticated attacker' - a discrepancy defenders should verify. No public evidence of active in-the-wild exploitation (not listed in CISA KEV).

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Unauthenticated SQL injection in Guardian Language System lets remote attackers manipulate the backend database by injecting into the `id` GET parameter of job_info.php, which is concatenated directly into a SQL query with no sanitization. Because no authentication is required (CVSS 4.0 PR:N) and publicly available exploit code exists, any attacker who can reach the endpoint can extract database version, current user, schema names, and table contents via error-based injection. Reported by VulnCheck with a CVSS of 9.3; no public exploit identified as actively used in the wild (not in CISA KEV).

SQLi PHP Language System
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Reflected cross-site scripting in Guardian Language-System's media.php allows authenticated attackers to inject arbitrary JavaScript into the victim's browser session by crafting a malicious URL with a script payload in the id GET parameter. The flaw exists because the id parameter is written unsanitized directly into HTML source and form action attributes at lines 119 and 129 of media.php. A publicly available proof-of-concept exploit exists on GitHub, though no KEV listing indicates broad active exploitation at time of analysis.

XSS PHP Language System
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Reflected XSS in Guardian Language-System's text_file.php allows an authenticated attacker to inject arbitrary script tags into at least six distinct form action attributes (lines 94, 101, 323, 403, 826, 852) by crafting a malicious URL with a payload in the id GET parameter. When a second authenticated victim is socially engineered into following the crafted link, the script executes within their browser session against the Guardian Language-System origin, enabling session token theft or unauthorized actions on the victim's behalf. A publicly available proof-of-concept exploit exists on GitHub; no CISA KEV listing has been identified, meaning active exploitation is not confirmed at time of analysis.

XSS PHP Language System
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Reflected XSS in Guardian language-system's designer.php allows authenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session by crafting a malicious URL. The `name` GET parameter is echoed unsanitized directly into an HTML input value attribute at line 57, enabling classic reflected cross-site scripting. A publicly available proof-of-concept exploit exists on GitHub (via VulnCheck advisory); the vulnerability is not currently listed in CISA KEV, and real-world impact is constrained by the requirement for victim interaction and authentication.

XSS PHP Language System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy