CVE-2019-25325

8.2 HIGH
Published: February 12, 2026 Modified: February 13, 2026
View on NVD

Description

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cxsecurity.com/issue/WLB-2020010019
Source: disclosure@vulncheck.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/173728
Source: disclosure@vulncheck.com
https://packetstorm.news/files/id/155797
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47814
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o
Source: disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php
Source: disclosure@vulncheck.com

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.2 / 10.0
EPSS (Exploit Probability)
0.4%
63th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-89

Related CVEs

CVE-2026-4538 5.3
CVE-2026-4537 4.7
CVE-2026-4536 7.3
CVE-2026-4535 8.8
CVE-2026-4534 8.8