CVE-2019-25325
Thrive Smart Home 1.1 - 'Smart Home' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
| CWE | CWE-89 |
| Vendor | thrive |
| Product | smart home |
| Published | Feb 12, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for thrive smart home
Be the first to know when new high vulnerabilities affecting thrive smart home are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
Thrive / Smart Home
1.1
References
exploit-db.com: https://www.exploit-db.com/exploits/47814 zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php packetstorm.news: https://packetstorm.news/files/id/155797 cxsecurity.com: https://cxsecurity.com/issue/WLB-2020010019 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/173728 vulncheck.com: https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab