Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
NetGain EM Plus 10.1.68: Unauthenticated Code Execution Through Web Request
CVE-2019-25468
Summary
An attacker can run unauthorized commands on your system by sending a malicious request to the NetGain EM Plus 10.1.68 web application. This could lead to sensitive data exposure or system compromise. Update your software to the latest version to fix this issue.
Original title
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_te...
Original description
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026