Share
## https://sploitus.com/exploit?id=974D7017-AA42-5E68-9196-4FC1015C2427
# Proof of Concept (PoC) for CVE-2023-40028

CVE-2023-40028 is a **vulnerability in Ghost CMS that allows arbitrary file reads through improper file handling.** This PoC demonstrates how the exploit works under controlled conditions. **Educational use only.**

**Reference:** Adapted from the original PoC by [0xyassine](https://github.com/0xyassine/CVE-2023-40028), rewritten in Python and applied to the HackTheBox challenge "LinkVortex."

### Summary:

1. **Vulnerability:** Arbitrary file read in Ghost CMS.
2. **Impact:** Access to sensitive files on the server.
3. **Fix:** Update to the latest Ghost CMS version.

**Usage:**
```
python3 ./CVE-2023-40028.py --url <http://abc.xyz> -u <username> -p <password>
```

**Use this information responsibly. Unauthorized exploitation is illegal.**