CVE-2025-2539

The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) in OpenCode. The script establishes a session, then sends a crafted JSON payload to execute the 'id' command, verifying vulnerability by checking for 'uid=' and 'gid=' in the response.

This PoC exploits CVE-2025-2539, an arbitrary file read vulnerability in the File Away WordPress plugin (versions <= 3.9.9.0.1) due to missing authorization checks. It extracts a nonce from the target site and uses it to read arbitrary files via an AJAX endpoint.

This is a functional PoC exploit for CVE-2025-2539, targeting an unauthenticated arbitrary file read vulnerability in the WordPress File Away Plugin ≤ 3.9.9.0.1. The script fetches a nonce and uses it to exploit an exposed AJAX endpoint to read arbitrary files.

The repository contains a functional exploit for CVE-2025-2539, an authenticated arbitrary file read vulnerability in the File Away WordPress plugin (versions <= 3.9.9.0.1). The exploit leverages unsanitized input in the 'fileaway-stats' AJAX action to perform directory traversal attacks.

This Python script exploits CVE-2025-2539, an arbitrary file read vulnerability in File Away WordPress plugin versions below 3.9.9.0.1. It fetches a nonce from the target and uses it to retrieve sensitive files via an AJAX endpoint.

This is a functional exploit for CVE-2025-2539, targeting an arbitrary file read vulnerability in the FileAway WordPress plugin (<= v3.9.9.0.1). The exploit extracts a nonce from the target page and uses it to send an AJAX request to read arbitrary files, then downloads and saves the file content.

This PoC exploits CVE-2025-2539, an unauthenticated arbitrary file read vulnerability in WordPress File Away plugin <= 3.9.9.0.1. It automates nonce extraction, file reading (e.g., wp-config.php), and credential validation, including remote DB access checks.