GHSA-8jg8-r264-q28xCriticalCVSS 9.8
Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
🔗 CVE IDs covered (1)
📋 Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in complex_start.php (line 14) without sanitization: exec("php jobs/complex.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
🔗 References (4)
- https://nvd.nist.gov/vuln/detail/CVE-2026-34110
- https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad
- https://www.vulncheck.com/advisories/guardian-language-system-unauthenticated-os-command-injection-via-id-parameter-in-complex-start-php
- https://github.com/advisories/GHSA-8jg8-r264-q28x