5 matches found
CVE-2026-34114
Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34108
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
CVE-2026-34111 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac_text.php
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
The vulnerability of the text.php component of the search engine LibreY allows a hacker to perform an SSRF attack.
The vulnerability of the text.php component of the search engine LibreY is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
PT-2023-11822 · Unknown · Geni Portal
Name of the Vulnerable Software and Affected Versions: GENI Portal affected versions not specified Description: A problematic issue was found in GENI Portal, affecting some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the error argument leads to cross-si...