GHSA-7744-fxpq-9j2fCriticalCVSS 9.8
Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
🔗 CVE IDs covered (1)
📋 Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac_text.php (line 18) without sanitization: exec("php jobs/speech_audio_mac_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
🔗 References (4)
- https://nvd.nist.gov/vuln/detail/CVE-2026-34111
- https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad
- https://www.vulncheck.com/advisories/guardian-language-system-unauthenticated-os-command-injection-via-id-parameter-in-speechmac-text-php
- https://github.com/advisories/GHSA-7744-fxpq-9j2f