CVE-2019-25576

Name of the Vulnerable Software and Affected Versions Kepler Wallpaper Script version 1.1

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the 'category' endpoint using URL-encoded SQL UNION statements to extract database information, such as usernames, database names, and MySQL version details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.