PT-2026-24766 · Netgain Systems · Netgain Em Plus
Azams
·
Publicado
2026-03-11
·
Atualizado
2026-03-11
·
CVE-2019-25468
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NetGain EM Plus version 10.1.68
Description
The software contains a remote code execution issue that allows attackers to execute arbitrary system commands. Unauthenticated attackers can exploit this by sending malicious parameters to the ''script test.jsp'' endpoint. Specifically, attackers can send POST requests with shell commands embedded within the
content parameter. This allows them to execute code and retrieve the command output.Recommendations
Apply updates to address the issue in NetGain EM Plus version 10.1.68.
Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netgain Em Plus