Lucene search
K

31 matches found

NVD
NVD
added 2 hours ago4 views

CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-34112

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-34114

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-34103

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS
Exploits0References2
NVD
NVD
added 2 hours ago3 views

CVE-2026-34096

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-34117 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text_to_subtitles.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in texttosubtitles.php line 19 without sanitization: exec"php jobs/texttosubtitles.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-34116 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-34115 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe_amazon.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
CVE
CVE
added 2 hours ago4 views

CVE-2026-34114

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-34110 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in complex_start.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec"php jobs/complex.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS
Exploits0References2
CVE
CVE
added 2 hours ago4 views

CVE-2026-34110

Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec"php jobs/complex.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-34109 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS
Exploits0References2
CVE
CVE
added 2 hours ago4 views

CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added 3 hours ago4 views

CVE-2026-34108

Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...

9.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-34107 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec"php jobs/translate.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS
Exploits0References2
CVE
CVE
added 3 hours ago8 views

CVE-2026-34107

CVE-2026-34107 affects Guardian Language-System. The vulnerability is an unauthenticated OS command injection via the id parameter in translate.php, where the id GET parameter is passed directly into an exec() call without sanitization. An unauthenticated remote attacker can append shell metachar...

9.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added 3 hours ago6 views

CVE-2026-34106

Guardian Language-System is affected by an unauthenticated OS command injection in subtitles.php. The id GET parameter is directly concatenated into a PHP exec() call without sanitization, enabling remote attackers to inject shell metacharacters and execute arbitrary commands on the server. The v...

9.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added 3 hours ago5 views

CVE-2026-34105

CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...

9.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS
Exploits0References2
Rows per page
Query Builder