PT-2026-54751 · Unknown · Guardian Language-System

Philopentest

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-34115

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Guardian language-system (affected versions not specified)
Description An unauthenticated remote attacker can execute arbitrary operating system commands on the server. This occurs because the application passes the id parameter from a GET request directly into a PHP exec() function within the transcribe amazon.php file without proper sanitization. The vulnerable process involves the execution of the command php jobs/transcribe amazon.php using the login session and id variables.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the id parameter in the transcribe amazon.php endpoint until the issue is resolved.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-34115

Affected Products

Guardian Language-System