CVE-2019-25325

HIGH

Thrive Smart Home 1.1 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25325. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in Thrive Smart Home 1.1, allowing authentication bypass via a crafted POST request to checklogin.php. The provided curl command injects SQL code into the 'user' parameter to bypass login.

Description

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/47814

Classification: Working PoC 90%
Attack Type: SQLi | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Thrive Smart Home 1.1
Authentication: No auth needed
Prerequisites: Network access to the target application · Target running Thrive Smart Home 1.1
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47814
Third Party Advisory technical-description exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php
Third Party Advisory, VDB Entry third-party-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/173728

Scores

CVSS v3 8.2
EPSS 0.0033
EPSS Percentile 24.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Feb 12, 2026
Tracked Since Feb 18, 2026