CVE-2025-1661

The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) in OpenCode. The script sends a crafted JSON payload to the target's session endpoint, then executes commands via the shell endpoint, verifying success by checking for 'uid=' and 'gid=' in the response.

This is a functional exploit for CVE-2025-1661, targeting a Local File Inclusion (LFI) vulnerability in HUSKY – Products Filter Professional for WooCommerce. The exploit can escalate to Remote Code Execution (RCE) via log poisoning.

This repository contains a proof-of-concept for an unauthenticated Local File Inclusion (LFI) vulnerability in the HUSKY – Products Filter Professional for WooCommerce plugin. The exploit leverages the `template` parameter in the `woof_text_search` AJAX action to read arbitrary files from the server.

This repository contains a detailed writeup and proof-of-concept for CVE-2025-1661, an unauthenticated Local File Inclusion (LFI) vulnerability in the HUSKY – Products Filter Professional for WooCommerce plugin for WordPress. The vulnerability allows attackers to include and execute arbitrary files on the server via the `template` parameter of the `woof_text_search` AJAX action.