CVE-2019-25576
SQL Injection in Kepler Wallpaper Script 1.1 Exposes Database Data
Publication date: 2026-03-21
Last updated on: 2026-04-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| keplerwallpapers | kepler_wallpaper_script | 1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25576 is an SQL injection vulnerability found in Kepler Wallpaper Script version 1.1 and earlier. It occurs because the application does not properly neutralize special elements in SQL commands, specifically in the "category" parameter.'}, {'type': 'paragraph', 'content': 'Unauthenticated attackers can exploit this flaw by sending specially crafted GET requests containing URL-encoded SQL UNION statements to the category endpoint. This allows them to execute arbitrary SQL queries on the backend database.'}, {'type': 'paragraph', 'content': 'Through this injection, attackers can extract sensitive database information such as usernames, database names, and MySQL version details.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can have serious impacts because it allows unauthenticated attackers to execute arbitrary SQL queries on the database.
Attackers can extract sensitive information such as usernames, database names, and database version details, which can lead to further exploitation or data compromise.
Such unauthorized access to database information can result in data breaches, loss of confidentiality, and potential manipulation of data integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted GET requests to the category endpoint of the Kepler Wallpaper Script application, injecting URL-encoded SQL UNION statements into the category parameter.'}, {'type': 'paragraph', 'content': 'A typical detection method involves using tools like curl or wget to send these requests and observe if database information such as usernames, database names, or MySQL version details are returned.'}, {'type': 'list_item', 'content': 'Example curl command to test the vulnerability: curl -i "http://[target]/category/1\' UNION SELECT user(), database(), version()-- "'}, {'type': 'list_item', 'content': 'Alternatively, use a web vulnerability scanner configured to test for SQL injection on the category parameter.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying input validation and sanitization on the category parameter to prevent SQL injection.
If a patch or updated version of Kepler Wallpaper Script is available, upgrade to that version to fix the vulnerability.
As a temporary measure, restrict access to the vulnerable endpoint or implement a web application firewall (WAF) to block malicious SQL injection attempts.