CVE-2019-25468

Critical CVSS: 9.3

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.

Vendor

Product

CWE

CWE-94

Yayın Tarihi

2026-03-11 19:16:00

Güncelleme

2026-03-12 21:08:22

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-94 CRITICAL 2026

Referanslar

http://netgain-systems.com https://www.exploit-db.com/exploits/47391 https://www.vulncheck.com/advisories/netgain-em-plus-remote-code-execution-via-script-test-jsp