High severity8.2NVD Advisory· Published Feb 12, 2026· Updated Apr 15, 2026
CVE-2019-25325
CVE-2019-25325
Description
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.1
Patches
Vulnerability mechanics
References
6- cxsecurity.com/issue/WLB-2020010019nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/173728nvd
- packetstorm.news/files/id/155797nvd
- www.exploit-db.com/exploits/47814nvd
- www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-onvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.phpnvd
News mentions
0No linked articles in our index yet.