PT-2026-24766 · Netgain Systems · Netgain Em Plus
Azams
·
Published
2026-03-11
·
Updated
2026-03-11
·
CVE-2019-25468
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NetGain EM Plus version 10.1.68
Description
The software contains a remote code execution issue that allows attackers to execute arbitrary system commands. Unauthenticated attackers can exploit this by sending malicious parameters to the ''script test.jsp'' endpoint. Specifically, attackers can send POST requests with shell commands embedded within the
content parameter. This allows them to execute code and retrieve the command output.Recommendations
Apply updates to address the issue in NetGain EM Plus version 10.1.68.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgain Em Plus