CVE-2019-25325

Sažetak

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.

Reference

https://cxsecurity.com/issue/WLB-2020010019
https://exchange.xforce.ibmcloud.com/vulnerabilities/173728
https://packetstorm.news/files/id/155797
https://www.exploit-db.com/exploits/47814
https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

13-02-2026 - 14:23

Objavljeno

12-02-2026 - 23:16