Analyst readout for executives and security teams
Plain-English summary
Kepler Wallpaper Script 1.1 has an unauthenticated SQL injection in the category parameter. A remote attacker could query the application database and expose sensitive data such as usernames and database metadata. The sources do not identify a vendor patch or confirmed active exploitation.
Executive priority
Treat this as high priority for any internet-facing deployment. The main business risk is database exposure from a niche PHP application with public exploit information and no patch confirmed in the supplied sources.
Technical view
CVE-2019-25576 is CWE-89 in Kepler Wallpaper Script 1.1. The CVSS 4.0 score is 8.8. The vulnerability is network-accessible, low-complexity, needs no privileges or user interaction, and affects confidentiality heavily with limited integrity impact. Public exploit material is referenced by Exploit-DB.
Likely exposure
Exposure is likely limited to organizations running Kepler Wallpaper Script version 1.1, especially if the site is internet-facing and the category functionality is reachable.
Exploitation context
Public exploit information exists, but the provided sources do not show CISA KEV listing or confirmed active exploitation. The attack path is unauthenticated and remote, increasing urgency for exposed deployments.
Researcher notes
Do not assume broad exposure without asset confirmation. The advisory scope is Kepler Wallpaper Script 1.1 only. The source bundle cites Exploit-DB and VulnCheck, but does not provide evidence of active exploitation or a named fixed version.
Mitigation direction
- Identify any Kepler Wallpaper Script installations and confirm whether version 1.1 is in use.
- Check vendor or marketplace guidance for an update, replacement, or official remediation.
- Restrict public access to affected functionality if business operations allow.
- Use database least privilege for the application account.
- Monitor web and database logs for suspicious category-parameter activity.
Validation and detection
- Inventory public web assets for Kepler Wallpaper Script.
- Confirm application version from administrative records or deployed files.
- Verify whether category pages are externally reachable.
- Review web logs for abnormal category-parameter requests.
- Review database logs for unexpected metadata queries or errors.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-89: Database access and collection lookup
Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupDatabase behavior lookup
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2019-25576 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 8.8 (4.0)
- Known Exploited
- No
- Published
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N——Primary CVE scoreVulnerability scoring details
Base CVSS 4.0 score
8.8HighVector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Source materials
- CVE List V5 sourceCVE List V5
- ExploitDB-46207CVE reference · exploit
- Official Product HomepageCVE reference · product
- Product ReferenceCVE reference · product
- VulnCheck Advisory: Kepler Wallpaper Script 1.1 SQL Injection via categoryCVE reference · third-party-advisory
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
