EIP-2026-104912

PRE-CVE

Achievo 1.4.3 - Multiple Authorisation Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104912. PoCs published by Pablo Milano.

AI-analyzed exploit summary The advisory describes an authorization flaw in Achievo 1.4.3, allowing arbitrary activity creation and deletion by manipulating user IDs in POST requests. No exploit code is provided, only a proof-of-concept description.

Description

Achievo 1.4.3 - Multiple Authorisation Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Pablo Milano · textwebappsphp

https://www.exploit-db.com/exploits/15145

View Code ZIP pw:eip

The advisory describes an authorization flaw in Achievo 1.4.3, allowing arbitrary activity creation and deletion by manipulating user IDs in POST requests. No exploit code is provided, only a proof-of-concept description.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Achievo 1.4.3

Auth required

Prerequisites: Valid user session · Knowledge of target user IDs

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026