Critical severity9.8NVD Advisory· Published Mar 11, 2026· Updated Apr 15, 2026

CVE-2019-25468

Description

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

netgain-systems.comnvd
www.exploit-db.com/exploits/47391nvd
www.vulncheck.com/advisories/netgain-em-plus-remote-code-execution-via-script-test-jspnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000