Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details.
PUBLISHED5.2CWE-89
Kepler Wallpaper Script 1.1 SQL Injection via category
Problem type
Affected products
Keplerwallpapers
Kepler Wallpaper Script
1.1 - AFFECTED
References
ExploitDB-46207
https://www.exploit-db.com/exploits/46207
Official Product Homepage
https://keplerwallpapers.online/
Product Reference
https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script
VulnCheck Advisory: Kepler Wallpaper Script 1.1 SQL Injection via category
https://www.vulncheck.com/advisories/kepler-wallpaper-script-sql-injection-via-category
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25576Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25576",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-03-21T15:30:34.815Z",
"dateReserved": "2026-03-21T15:24:10.532Z",
"datePublished": "2026-03-21T15:30:34.815Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-03-21T15:30:34.815Z"
},
"title": "Kepler Wallpaper Script 1.1 SQL Injection via category",
"descriptions": [
{
"lang": "en",
"value": "Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details."
}
],
"affected": [
{
"vendor": "Keplerwallpapers",
"product": "Kepler Wallpaper Script",
"versions": [
{
"version": "1.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46207",
"name": "ExploitDB-46207",
"tags": [
"exploit"
]
},
{
"url": "https://keplerwallpapers.online/",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script",
"name": "Product Reference",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/kepler-wallpaper-script-sql-injection-via-category",
"name": "VulnCheck Advisory: Kepler Wallpaper Script 1.1 SQL Injection via category",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan",
"type": "finder"
}
]
}
}
}