1195 matches found
CVE-2026-34116
Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec("php jobs/transcribe.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34112
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec("php jobs/speechaudiomac.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34113
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec("php jobs/speechaudiotext.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34115
Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec("php jobs/transcribeamazon.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34101
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...
CVE-2026-34105
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
EUVD-2026-41070
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec("php jobs/speechaudiomac.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34112 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec("php jobs/speechaudiomac.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34111
CVE-2026-34111: Guardian Language-System vulnerability where speechmac_text.php passes $_GET['id'] directly into an exec() call, enabling unauthenticated remote command execution via shell metacharacters. Affects the Guardian Language-System component (speech_text path) and is scored CRITICAL (C...
EUVD-2026-41068
Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec("php jobs/complex.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters...
EUVD-2026-41066
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec("php jobs/text.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
EUVD-2026-41059
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
EUVD-2026-41058
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...
EUVD-2026-41056
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...
EUVD-2026-41053
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
EUVD-2026-41052
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
PT-2026-51731
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference exists in the BPF (Berkeley Packet Filter) subsystem. The function bpf_selem_unlink_nofail sets the smap variable to NULL before removing the element from the...
PT-2026-47769
KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract...
CVE-2026-7394
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to SQL injection. The attack may ...