Vulnerability Description
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2020010019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/173728
- https://packetstorm.news/files/id/155797
- https://www.exploit-db.com/exploits/47814
- https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limit
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php
FAQ
What is CVE-2019-25325?
CVE-2019-25325 is a vulnerability with a CVSS score of 8.2 (HIGH). Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. A...
How severe is CVE-2019-25325?
CVE-2019-25325 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25325?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.