CNNVD-202602-2180 Information
CNNVD ID
CNNVD-202602-2180
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
Thrive Smart Home是Thrive公司的一个智能家居系统。 Thrive Smart Home 1.1版本存在SQL注入漏洞,该漏洞源于checklogin.php端点中user参数存在SQL注入,可能导致身份验证绕过。
Description (English)
Thrive Smart Home is an intelligent home system for Thrive. Version 1.1 of Thrive Smart Home has an injection loophole in SQL, which stems from the use of SQL input of user parameters at the checklogin.php endpoint, which may lead to an identification bypass.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
Thrive
Published
2026-02-12
Last Modified
2026-02-24
References
https://cxsecurity.com/issue/WLB-2020010019 https://exchange.xforce.ibmcloud.com/vulnerabilities/173728 https://packetstorm.news/files/id/155797 https://www.exploit-db.com/exploits/47814 https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php
Share on: