CVE Catalog

CVE-2026-34099

Critical · CVSS 9.8

Exploitation Probability (EPSS)

Low risk
0.46%

37th percentile — higher than 37% of all known CVEs

Summary

SQL Injection vulnerability in Guardian language-system allows an unauthenticated attacker to inject SQL code via the 'id' parameter in job_info.php. Lack of input sanitization enables reading sensitive database information.

Risk Assessment

The organization is at risk of a data breach exposing the database version, usernames, schemas, and table contents, potentially compromising data confidentiality and integrity.

Recommendation

Immediately update Guardian language-system to the latest patched version. As a workaround, implement parameterized SQL queries or input validation for the 'id' parameter.
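
The workaround above, sketched as an added example (not Guardian language-system code): the lookup from job_info.php rewritten with input validation plus a bound parameter. The function name find_job, the jobs columns, the in-memory SQLite database and the sample inputs are assumptions made so the script runs offline.

```php
<?php
// Added example, not the project's code. Only the query shape
// (SELECT * FROM jobs WHERE id = ...) comes from the advisory text.
declare(strict_types=1);

/** Return the job row for a raw request value, or null if invalid or absent. */
function find_job(PDO $db, mixed $rawId): ?array
{
    // Input validation: accept only a short, plain decimal string.
    // Arrays (?id[]=1), quotes, whitespace and SQL fragments are rejected
    // before any query is built.
    if (!is_string($rawId) || !ctype_digit($rawId) || strlen($rawId) > 10) {
        return null;
    }

    // Parameterized query: the value is bound as an integer and is never
    // concatenated into the SQL text.
    $stmt = $db->prepare('SELECT * FROM jobs WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO jobs (id, title) VALUES (1, 'Translator'), (2, 'Editor')");

// Constructed inputs: valid ids, two malformed values, an array, a missing id.
$samples = ['1', '2', "1' OR '1'='1", '2 UNION SELECT 1,2', ['1'], '999'];
foreach ($samples as $input) {
    $job = find_job($db, $input);
    printf("%-24s => %s\n", json_encode($input), $job ? $job['title'] : 'no result');
}
```

Because the reported technique is error-based, database exceptions should be caught and logged server-side, with only a generic message returned in the HTTP response.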

Original NVD description (English source)

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS