CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script	Product
https://keplerwallpapers.online/	Broken Link
https://www.exploit-db.com/exploits/46207	Exploit VDB Entry
https://www.vulncheck.com/advisories/kepler-wallpaper-script-sql-injection-via-category	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:keplerwallpapers:kepler_wallpaper_script:1.1:*:*:*:*:*:*:*

History

15 Apr 2026, 17:07

Type	Values Removed	Values Added
CPE		cpe:2.3:a:keplerwallpapers:kepler_wallpaper_script:1.1:::::::*
First Time		Keplerwallpapers Keplerwallpapers kepler Wallpaper Script
Summary		(es) Kepler Wallpaper Script 1.1 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados ejecutar consultas SQL arbitrarias inyectando código malicioso en el parámetro category. Los atacantes pueden enviar solicitudes GET al endpoint category con sentencias SQL UNION codificadas en URL para extraer información de la base de datos, incluyendo nombres de usuario, nombres de bases de datos y detalles de la versión de MySQL.
References	~~() https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script -~~	() https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script - Product
References	~~() https://keplerwallpapers.online/ -~~	() https://keplerwallpapers.online/ - Broken Link
References	~~() https://www.exploit-db.com/exploits/46207 -~~	() https://www.exploit-db.com/exploits/46207 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/kepler-wallpaper-script-sql-injection-via-category -~~	() https://www.vulncheck.com/advisories/kepler-wallpaper-script-sql-injection-via-category - Third Party Advisory

21 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 16:16

Updated : 2026-04-15 17:07

NVD link : CVE-2019-25576

Mitre link : CVE-2019-25576

CVE.ORG link : CVE-2019-25576

JSON object : View

Products Affected

keplerwallpapers

kepler_wallpaper_script

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

8.2 /10