Share
## https://sploitus.com/exploit?id=0DC1E3EB-61A0-5BFC-AD40-DA2B5F211551
# CVE-2024-2928
Arbitrary file read exploit for CVE-2024-2928 in mlflow (specifically in version 2.9.2, which was fixed in version 2.11.3)

The exploit code tested on Linux

Source: https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298

Usage python3 CVE-2024-2928.py -t 127.0.0.1 -p 5000

* After run, give the full path of the file
  * If the file exists and the process has sufficient permissions to read it, than the contents will be displayed
  * Otherwise "File not found" message will appear

* Press Ctrl + C to exit