NetGain EM Plus Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in NetGain EM Plus version 10.1.68. This vulnerability allows unauthenticated attackers to execute arbitrary system commands by sending malicious parameters to the script_test.jsp endpoint. Exploitation involves POST requests with shell commands embedded in the 'content' parameter, which are executed on the server with the command output returned to the attacker.

Impact

Exploitation of this vulnerability allows for unauthorized remote code execution on the server where NetGain EM Plus is running.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/u/jsp/designer/script_test.jsp' endpoint. The 'content' parameter must include the desired shell commands, which will be executed on the server. The response will contain the output of the executed commands.
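A defensive check for the request described above, as an added example that is not part of the original advisory: it scans web access logs for POST requests to the script_test.jsp endpoint. The combined log format, the allow-list parameter and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the advisory.
TARGET = "/u/jsp/designer/script_test.jsp"

# Common/combined access log format (assumed; adjust for your server or proxy).
# Access logs normally omit POST bodies, so the 'content' parameter is not
# visible here; the check keys on method and path instead.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode, strip ;path-parameters, resolve dot segments and
    duplicate slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return posixpath.normpath("/" + "/".join(s for s in segments if s)).lower()

def find_hits(lines, allowed_sources=frozenset()):
    """Return (source, timestamp, status) for every POST to TARGET that does
    not come from an allow-listed source address."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) != TARGET or m["src"] in allowed_sources:
            continue
        hits.append((m["src"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [11/Mar/2026:10:02:11 +0000] "POST /u/jsp/designer/script_test.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Mar/2026:10:02:15 +0000] "POST /u/jsp//designer/script%5Ftest.jsp;x=1 HTTP/1.1" 200 498',
    '203.0.113.20 - - [11/Mar/2026:10:03:00 +0000] "GET /u/jsp/designer/script_test.jsp HTTP/1.1" 200 1200',
    '192.0.2.10 - - [11/Mar/2026:10:04:00 +0000] "POST /u/jsp/designer/script_test.jsp HTTP/1.1" 200 300',
    '203.0.113.20 - - [11/Mar/2026:10:05:00 +0000] "POST /u/index.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for a known administrative host (assumption).
    for src, ts, status in find_hits(SAMPLE, allowed_sources={"192.0.2.10"}):
        print(f"POST to {TARGET} from {src} at {ts} (HTTP {status})")
```

Because the advisory describes the endpoint as reachable without authentication, a 200 response to any flagged request warrants review of the host itself, not only the log entry.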

Added: Mar 11, 2026, 7:38 PM
Updated: Mar 11, 2026, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.