exploitDog

CVE-2019-25325

Опубликовано: 12 фев. 2026

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.

Ссылки

https://cxsecurity.com/issue/WLB-2020010019
https://exchange.xforce.ibmcloud.com/vulnerabilities/173728
https://packetstorm.news/files/id/155797
https://www.exploit-db.com/exploits/47814
https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php

EPSS

Процентиль: 25%

0.00329

Низкий

8.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-g6q7-8v7v-98q7

CVSS3: 8.2

github

4 месяца назад

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.

EPSS

Процентиль: 25%

0.00329

Низкий

8.2 High

CVSS3

Дефекты

CWE-89