CVE-2019-25468

CRITICAL 9.8

NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.

CWE	CWE-94
Vendor	netgain systems
Product	netgain em plus
Published	Mar 11, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for netgain systems netgain em plus

Be the first to know when new critical vulnerabilities affecting netgain systems netgain em plus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

NetGain Systems / NetGain EM Plus

10.1.68

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47391 netgain-systems.com: http://netgain-systems.com vulncheck.com: https://www.vulncheck.com/advisories/netgain-em-plus-remote-code-execution-via-script-test-jsp

Credits

azams