CVE-2022-31885
CRITICALMarval MSM v14.19.0.12476 - OS Command Injection via VBScript Handling
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-31885. PoCs published by Momen Eldawakhly.
AI-analyzed exploit summary This exploit targets Marval MSM v14.19.0.12476 via an authenticated RCE vulnerability in the ScriptHandler.ashx endpoint. It leverages a malicious VBScript payload to execute a PowerShell reverse shell.
Description
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
Exploits (1)
exploitdb
WORKING POC
by Momen Eldawakhly · textremotewindows
https://www.exploit-db.com/exploits/50956
This exploit targets Marval MSM v14.19.0.12476 via an authenticated RCE vulnerability in the ScriptHandler.ashx endpoint. It leverages a malicious VBScript payload to execute a PowerShell reverse shell.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
Marval MSM v14.19.0.12476
Auth required
Prerequisites:
Authenticated session · Valid ASP.NET_SessionId and appNameAuth cookies
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://marvalglobal.com/
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/drive/folders/1Qa-6-LUzEnduSGfWLUjVLCyKr5wuEu5k?usp=sharing
Exploit, Third Party Advisory x_refsource_misc
https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/os-command-injection
Scores
CVSS v3
9.8
EPSS
0.3132
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
marvalglobal/marval_msm
14.19.0.12476
Published
Jun 28, 2022
Tracked Since
Feb 18, 2026