CVE Catalog

CVE-2026-34102

Critical (CVSS 9.8)

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

Guardian language-system contains a SQL injection vulnerability in job_info_get.php: the GET parameter 'id' is inserted directly into an SQL query without sanitization. An authenticated attacker can use error-based SQL injection to extract database contents.

Risk Assessment

The risk is theft of sensitive data from the database, such as user data or system configuration, which could lead to confidentiality and integrity breaches.

Recommendation

Immediately update Guardian language-system to the latest patched version. If no patched version is available, use parameterized queries or input validation for the 'id' parameter.
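
The recommended mitigation, shown as an added example that is not Guardian's own code: the concatenated query pattern quoted in the NVD description on this page, beside a validated, parameterized form. The PDO/SQLite backend, the function names, the id format and the sample rows are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database (assumption: PDO with SQLite; the advisory
// does not say which driver job_info_get.php uses).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE jobs (input1 TEXT, title TEXT)");
$pdo->exec("INSERT INTO jobs VALUES ('1001', 'Translate manual'), ('1002', 'Review glossary')");

// BEFORE: the pattern from the advisory, request value concatenated into SQL.
function job_info_concat(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM jobs where input1 = '" . $id . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate the shape of id, then bind it as data, never as SQL text.
function job_info_bound(PDO $pdo, string $id): array
{
    // Assumption: ids are short alphanumeric tokens; adjust to the real format.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $id)) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM jobs WHERE input1 = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one valid id, and the same id with a stray quote.
foreach (['1001', "1001'"] as $id) {
    try {
        echo "concat id=$id rows=" . count(job_info_concat($pdo, $id)) . "\n";
    } catch (PDOException $e) {
        // The quote altered the statement's syntax. Log the driver message
        // server-side only; returning it to the client is what error-based
        // extraction depends on.
        error_log('job_info_get query failed: ' . $e->getMessage());
        echo "concat id=$id query error\n";
    }
    echo "bound  id=$id rows=" . count(job_info_bound($pdo, $id)) . "\n";
}
```

With the valid id both functions return one row; with the quoted id the concatenated query raises a driver error while the bound version returns no rows and the statement text is unchanged.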

Original NVD description (English source)

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS