NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

对生成代码的控制不恰当(代码注入)

NetGain EM Plus 安全漏洞

NetGain EM Plus是新加坡NetGain公司的一个网络和系统管理软件。 NetGain EM Plus 10.1.68版本存在安全漏洞，该漏洞源于script_test.jsp端点存在参数操作，可能导致未经验证的攻击者执行任意系统命令。

N/A

N/A