CVE-2026-34102
Critical, CVSS 9.8
Exploitation Probability (EPSS): Low risk, 29th percentile (higher than 29% of all known CVEs)
Summary
Guardian language-system contains an SQL injection vulnerability in job_info_get.php: the GET parameter 'id' is inserted directly into an SQL query without sanitization. An authenticated attacker can use error-based SQL injection to extract database contents.
Risk Assessment
The risk involves potential theft of sensitive data from the database, such as user data or system configuration, which could lead to confidentiality and integrity breaches.
Recommendation
Immediately update Guardian language-system to the latest patched version. If no patched version is available, use parameterized queries or input validation for the 'id' parameter.
Original NVD description (English source)
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
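
The concatenated query quoted in the description, next to the parameterized form and input check named in the recommendation, as an added example (not Guardian language-system code). The jobs table and input1 column come from the advisory; the title column, the sample rows, the function names and the assumption that ids are numeric are constructed for illustration.

```php
<?php
// Added example, not Guardian language-system source code.
// "jobs" and "input1" are from the advisory; everything else is constructed.
// Requires the pdo_sqlite extension; uses an in-memory database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE jobs (input1 TEXT, title TEXT)");
$db->exec("INSERT INTO jobs VALUES ('101', 'translate-en-de'), ('102', 'translate-en-fr')");

// Pattern described in the advisory: the value becomes part of the SQL text,
// so a quote in $id ends the string literal and the remainder is parsed as SQL.
function lookup_concat(PDO $db, string $id): array
{
    $sql = "SELECT * FROM jobs where input1 = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized form: the SQL text is fixed and $id is bound as data,
// so it is only ever compared against input1.
function lookup_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT * FROM jobs WHERE input1 = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Input validation as a second layer (assumption: ids are short and numeric).
function valid_id(string $id): bool
{
    return preg_match('/\A[0-9]{1,10}\z/', $id) === 1;
}

// Constructed inputs standing in for $_GET['id'].
$inputs = ['101', "x' OR '1'='1"];
foreach ($inputs as $id) {
    printf(
        "%-16s concat=%d row(s)  bound=%d row(s)  valid=%s\n",
        $id,
        count(lookup_concat($db, $id)),
        count(lookup_bound($db, $id)),
        valid_id($id) ? 'yes' : 'no'
    );
}
```

For the second input the concatenated query matches every row in jobs, while the bound query matches none and the validation check rejects the value before any query is needed.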

