Critical SQL Injection Vulnerabilities Discovered in Guardian Language-System

Critical SQL Injection Vulnerabilities Discovered in Guardian Language-System

First seen 2 Jul 2026, 14:42 UTC Feedlynvd.nist.govcve.reportvulners.com 88% similarity 72.0

Article Content

Browse articles
ThreatCluster

Two critical SQL injection vulnerabilities, CVE-2026-34105 and CVE-2026-34103, were identified in the Guardian language-system, affecting the translate_text.php and subtitles.php files respectively. Both vulnerabilities allow authenticated attackers to execute error-based SQL injection attacks, enabling them to extract, modify, or delete sensitive data from the database. No public proof-of-concept or confirmed exploitation has been reported yet. Patches for both vulnerabilities are available, and security experts recommend immediate implementation of parameterized queries and input validation to mitigate risks. The vulnerabilities received CVSS scores of 9.8 and 9.8, indicating their high severity. Organizations using the Guardian language-system are urged to update their systems promptly to prevent potential data breaches.

Key Points: • CVE-2026-34105 and CVE-2026-34103 allow SQL injection attacks via unsanitized GET parameters. • Both vulnerabilities have a CVSS score of 9.8, indicating critical severity. • Patches are available, and immediate action is recommended to mitigate risks.

ThreatCluster AI

Timeline

2026-07-01
CVE-2026-34105 published
Guardian language-system vulnerability allows SQL injection via id parameter in translate_text.php.
Feedly
2026-07-01
CVE-2026-34103 published
Guardian language-system vulnerability allows SQL injection via id parameter in subtitles.php.
Feedly
2026-07-02
Vulnerabilities reported in NVD
NVD published details on CVE-2026-34105 and CVE-2026-34103, highlighting their SQL injection risks.
nvd.nist.gov
2026-07-02
Patches recommended
Security advisories recommend immediate patch application and implementation of security best practices.
Feedly

Community

Browse all →