CVE-2019-25468
Remote Code Execution in NetGain EM Plus via script_test.jsp
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgain | em_plus | 10.1.68 |
| netgain | em_plus | to 10.1.68 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in NetGain EM Plus version 10.1.68 and earlier, where an unauthenticated attacker can remotely execute arbitrary system commands. The flaw is in the script_test.jsp endpoint, which improperly validates input parameters. By sending a specially crafted HTTP POST request with shell commands embedded in the 'content' parameter, an attacker can execute commands on the server and retrieve their output.
The exploit involves sending POST requests with parameters such as 'type=sh' and 'content' containing shell commands wrapped between unique markers to delimit command output. This allows remote code execution without authentication. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows unauthenticated attackers to execute arbitrary commands on the affected system remotely. This can lead to full system compromise, unauthorized data access, data modification, disruption of services, and potentially the deployment of malware or ransomware.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted HTTP POST request to the vulnerable endpoint `/u/jsp/designer/script_test.jsp` on the target server.
The POST request should have the content-type `application/x-www-form-urlencoded` and include parameters such as `type=sh` and `content` containing shell commands wrapped between unique markers (e.g., `0xdeadnoob`) to delimit command output.
A sample command to test for the vulnerability could be a curl command like:
- `curl -k -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "type=sh&content=echo 0xdeadnoob;id;echo 0xdeadnoob" https://target-server/u/jsp/designer/script_test.jsp`
If the server responds with HTTP status 200 and the output of the `id` command wrapped between the markers, it indicates the presence of the vulnerability. [1]
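A passive complement to the active check above, as an added example that is not part of the original page: scanning web access logs for requests that reach the `script_test.jsp` endpoint, including encoded or padded path variants. It assumes Apache/NCSA combined log format; the log lines, the function names and the verdict labels are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the advisory text above.
ENDPOINT = "/u/jsp/designer/script_test.jsp"

# Assumption: Apache/NCSA combined log format; adjust for your server or proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Mar/2026:10:01:02 +0000] "GET /u/index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Mar/2026:10:03:41 +0000] "POST /u/jsp/designer/script_test.jsp HTTP/1.1" 200 312 "-" "curl/8.5.0"
198.51.100.7 - - [11/Mar/2026:10:03:55 +0000] "POST /u/jsp//designer/./%73cript_test.jsp;x=1 HTTP/1.1" 200 298 "-" "curl/8.5.0"
203.0.113.5 - - [11/Mar/2026:10:09:12 +0000] "GET /u/jsp/designer/script_test.jsp HTTP/1.1" 404 0 "-" "scanner"
""".splitlines()

def normalize_path(target):
    """Canonicalize a request target so encoded or padded variants compare equal."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = re.sub(r";[^/]*", "", path)        # drop ;jsessionid-style path parameters
    path = re.sub(r"/+", "/", path)           # collapse repeated slashes
    # Lower-casing is deliberately loose so case variants are not missed.
    return posixpath.normpath(path).lower()   # resolve "." and ".." segments

def find_hits(lines):
    """Return one record per logged request that reaches the endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize_path(m["target"]) != ENDPOINT:
            continue
        # Access logs do not record the POST body, so 'type' and 'content' are
        # not visible here. Assumption: POST answered with 200 is the case to triage first.
        likely = m["method"] == "POST" and m["status"] == "200"
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "status": int(m["status"]),
                     "verdict": "likely-executed" if likely else "probe"})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Any hit on a host running an affected version warrants a review of that host, since the endpoint requires no authentication.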
What immediate steps should I take to mitigate this vulnerability?
I don't know